tests/kdc/krb5-canon.conf.in

   1 [libdefaults]
   2         default_realm = TEST.H5L.SE TEST2.H5L.SE
   3         no-addresses = TRUE
   4         dns_lookup_realm = no
   5         name_canon_rules = as-is:realm=TEST.H5L.SE
   6         name_canon_rules = as-is:realm=TEST2.H5L.SE
   7         name_canon_rules = as-is:realm=TEST3.H5L.SE
   8         name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST.H5L.SE
   9         name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST2.H5L.SE
  10         name_canon_rules = qualify:domain=test2.h5l.se:realm=TEST2.H5L.SE
  11         name_canon_rules = qualify:domain=test3.h5l.se:realm=TEST3.H5L.SE
  12
  13 [appdefaults]
  14         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
  15         reconnect-min = 2s
  16         reconnect-backoff = 2s
  17         reconnect-max = 10s
  18
  19 [realms]
  20         TEST.H5L.SE = {
  21                 kdc = localhost:@port@
  22                 admin_server = localhost:@admport@
  23                 kpasswd_server = localhost:@pwport@
  24         }
  25         TEST2.H5L.SE = {
  26                 kdc = localhost:@port@
  27                 kpasswd_server = localhost:@pwport@
  28         }
  29         TEST3.H5L.SE = {
  30                 kdc = localhost:@port@
  31         }
  32
  33 [domain_realm]
  34         .test1.h5l.se = TEST.H5L.SE
  35         .test2.h5l.se = TEST2.H5L.SE
  36         .test3.h5l.se = TEST3.H5L.SE
  37         localhost = TEST.H5L.SE
  38
  39
  40 [kdc]
  41         enable-digest = true
  42         allow-anonymous = true
  43         digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
  44         strict-nametypes = true
  45
  46         enable-http = true
  47
  48         enable-pkinit = true
  49         pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
  50         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
  51         pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
  52 #       pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
  53         pkinit_mappings_file = @srcdir@/pki-mapping
  54         pkinit_allow_proxy_certificate = true
  55
  56         database = {
  57                 label = {
  58                         dbname = @objdir@/current-db@kdc@
  59                         realm = TEST.H5L.SE
  60                         mkey_file = @objdir@/mkey.file
  61                         acl_file = @srcdir@/heimdal.acl
  62                         log_file = @objdir@/current@kdc@.log
  63                 }
  64                 label2 = {
  65                         dbname = @objdir@/current-db@kdc@
  66                         realm = TEST2.H5L.SE
  67                         mkey_file = @objdir@/mkey.file
  68                         acl_file = @srcdir@/heimdal.acl
  69                         log_file = @objdir@/current@kdc@.log
  70                 }
  71         }
  72
  73         signal_socket = @objdir@/signal
  74         iprop-stats = @objdir@/iprop-stats
  75         iprop-acl = @srcdir@/iprop-acl
  76
  77 [hdb]
  78         db-dir = @objdir@
  79
  80 [logging]
  81         kdc = 0-/FILE:@objdir@/messages.log
  82         default = 0-/FILE:@objdir@/messages.log
  83
  84 [kadmin]
  85         save-password = true
  86         @dk@
  87
  88 [capaths]
  89         TEST.H5L.SE = {
  90                 TEST3.H5L.SE = .
  91                 TEST2.H5L.SE = .
  92         }
  93         TEST2.H5L.SE = {
  94                 TEST.H5L.SE = .
  95                 TEST3.H5L.SE = .
  96         }
  97         TEST3.H5L.SE = {
  98                 TEST.H5L.SE = .
  99                 TEST2.H5L.SE = .
 100         }