2 default_realm = TEST.H5L.SE
4 allow_weak_crypto = TRUE
6 fcache_strict_checking = false
7 name_canon_rules = as-is:realm=TEST.H5L.SE
10 pkinit_anchors = FILE:@objdir@/ca.crt
11 pkinit_pool = FILE:@objdir@/ca.crt
15 kdc = localhost:@port@
21 strict-nametypes = true
22 synthetic_clients = true
24 pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
25 pkinit_anchors = FILE:@objdir@/ca.crt
26 pkinit_mappings_file = @srcdir@/pki-mapping
28 # Locate kdc plugins for testing
29 plugin_dir = @objdir@/../../kdc/.libs
32 dbname = @objdir@/current-db
34 mkey_file = @objdir@/mkey.file
35 log_file = @objdir@/log.current-db.log
36 acl_file = @srcdir@/heimdal.acl
39 negotiate_token_validator = {
40 keytab = FILE:@objdir@/kt
47 include_pkinit_san = true
48 subject_name = CN=${principal-name-without-realm},DC=test,DC=h5l,DC=se
49 ekus = 1.3.6.1.5.5.7.3.2
50 ca = PEM-FILE:@objdir@/user-issuer.pem
54 include_dnsname_san = true
55 ekus = 1.3.6.1.5.5.7.3.1
56 ca = PEM-FILE:@objdir@/server-issuer.pem
60 ekus = 1.3.6.1.5.5.7.3.2
61 ca = PEM-FILE:@objdir@/user-issuer.pem
64 ekus = 1.3.6.1.5.5.7.3.1
65 ca = PEM-FILE:@objdir@/server-issuer.pem
68 ekus = 1.3.6.1.5.5.7.3.1
69 ekus = 1.3.6.1.5.5.7.3.2
70 ca = PEM-FILE:@objdir@/mixed-issuer.pem
78 enable_virtual_hostbased_princs = true
79 virtual_hostbased_princ_mindots = 1
80 virtual_hostbased_princ_maxdots = 3
81 virtual_hostbased_princ_svcs = HTTP host
84 new_hostbased_service_principal_attributes = {
86 a-particular-hostname.test.h5l.se = ok-as-delegate,no-auth-data-reqd
87 .prod.test.h5l.se = ok-as-delegate no-auth-data-reqd
92 kdc = 0-/FILE:@objdir@/messages.log
93 bx509d = 0-/FILE:@objdir@/messages.log
94 httpkadmind = 0-/FILE:@objdir@/messages.log
95 default = 0-/FILE:@objdir@/messages.log