| blob | fb2fc6a2f088e07baf2a00b9250549a0c253fc77 |
1 [libdefaults]
2 default_realm = TEST.H5L.SE
3 no-addresses = TRUE
4 allow_weak_crypto = TRUE
5 rdns = false
6 fcache_strict_checking = false
7 name_canon_rules = as-is:realm=TEST.H5L.SE
9 [appdefaults]
10 pkinit_anchors = FILE:@objdir@/ca.crt
11 pkinit_pool = FILE:@objdir@/ca.crt
13 [realms]
14 TEST.H5L.SE = {
15 kdc = localhost:@port@
16 pkinit_win2k = @w2k@
17 }
19 [kdc]
20 num-kdc-processes = 1
21 strict-nametypes = true
22 synthetic_clients = true
23 enable-pkinit = true
24 pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
25 pkinit_anchors = FILE:@objdir@/ca.crt
26 pkinit_mappings_file = @srcdir@/pki-mapping
28 # Locate kdc plugins for testing
29 plugin_dir = @objdir@/../../kdc/.libs
31 database = {
32 dbname = @objdir@/current-db
33 realm = TEST.H5L.SE
34 mkey_file = @objdir@/mkey.file
35 log_file = @objdir@/log.current-db.log
36 acl_file = @srcdir@/heimdal.acl
37 }
39 negotiate_token_validator = {
40 keytab = FILE:@objdir@/kt
41 }
43 realms = {
44 TEST.H5L.SE = {
45 kx509 = {
46 user = {
47 include_pkinit_san = true
48 subject_name = CN=${principal-name-without-realm},DC=test,DC=h5l,DC=se
49 ekus = 1.3.6.1.5.5.7.3.2
50 ca = PEM-FILE:@objdir@/user-issuer.pem
51 }
52 hostbased_service = {
53 HTTP = {
54 include_dnsname_san = true
55 ekus = 1.3.6.1.5.5.7.3.1
56 ca = PEM-FILE:@objdir@/server-issuer.pem
57 }
58 }
59 client = {
60 ekus = 1.3.6.1.5.5.7.3.2
61 ca = PEM-FILE:@objdir@/user-issuer.pem
62 }
63 server = {
64 ekus = 1.3.6.1.5.5.7.3.1
65 ca = PEM-FILE:@objdir@/server-issuer.pem
66 }
67 mixed = {
68 ekus = 1.3.6.1.5.5.7.3.1
69 ekus = 1.3.6.1.5.5.7.3.2
70 ca = PEM-FILE:@objdir@/mixed-issuer.pem
71 }
72 }
73 }
74 }
76 [hdb]
77 db-dir = @objdir@
78 enable_virtual_hostbased_princs = true
79 virtual_hostbased_princ_mindots = 1
80 virtual_hostbased_princ_maxdots = 3
81 virtual_hostbased_princ_svcs = HTTP host
83 [ext_keytab]
84 new_hostbased_service_principal_attributes = {
85 host = {
86 a-particular-hostname.test.h5l.se = ok-as-delegate,no-auth-data-reqd
87 .prod.test.h5l.se = ok-as-delegate no-auth-data-reqd
88 }
89 }
91 [logging]
92 kdc = 0-/FILE:@objdir@/messages.log
93 bx509d = 0-/FILE:@objdir@/messages.log
94 httpkadmind = 0-/FILE:@objdir@/messages.log
95 default = 0-/FILE:@objdir@/messages.log
97 [domain_realm]
98 . = TEST.H5L.SE