tests/kdc/krb5.conf.in

   1 [libdefaults]
   2         default_realm = TEST.H5L.SE TEST2.H5L.SE
   3         no-addresses = TRUE
   4         allow_weak_crypto = @WEAK@
   5         dns_lookup_kdc = no
   6         dns_lookup_realm = no
   7
   8
   9 [appdefaults]
  10         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
  11         reconnect-min = 2s
  12         reconnect-backoff = 2s
  13         reconnect-max = 10s
  14
  15 [realms]
  16         TEST.H5L.SE = {
  17                 kdc = localhost:@port@
  18                 admin_server = localhost:@admport@
  19                 kpasswd_server = localhost:@pwport@
  20         }
  21         SUB.TEST.H5L.SE = {
  22                 kdc = localhost:@port@
  23         }
  24         TEST2.H5L.SE = {
  25                 kdc = localhost:@port@
  26                 kpasswd_server = localhost:@pwport@
  27         }
  28         TEST3.H5L.SE = {
  29                 kdc = localhost:@port@
  30         }
  31         TEST4.H5L.SE = {
  32                 kdc = localhost:@port@
  33         }
  34         XTST.HEIM.EXAMPLE = {
  35                 kdc = localhost:@port@
  36         }
  37         SOME-REALM5.FR = {
  38                 kdc = localhost:@port@
  39         }
  40         SOME-REALM6.US = {
  41                 kdc = localhost:@port@
  42         }
  43         SOME-REALM7.UK = {
  44                 kdc = localhost:@port@
  45         }
  46         SOME-REALM8.UK = {
  47                 kdc = localhost:@port@
  48         }
  49         TEST-HTTP.H5L.SE = {
  50                 kdc = http/localhost:@port@
  51         }
  52         H1.TEST.H5L.SE = {
  53                 kdc = localhost:@port@
  54         }
  55         H2.TEST.H5L.SE = {
  56                 kdc = localhost:@port@
  57         }
  58         H3.H2.TEST.H5L.SE = {
  59                 kdc = localhost:@port@
  60         }
  61         H4.H2.TEST.H5L.SE = {
  62                 kdc = localhost:@port@
  63         }
  64
  65 [domain_realm]
  66         .test.h5l.se = TEST.H5L.SE
  67         .sub.test.h5l.se = SUB.TEST.H5L.SE
  68         .h1.test.h5l.se = H1.TEST.H5L.SE
  69         .h2.test.h5l.se = H2.TEST.H5L.SE
  70         .h3.h2.test.h5l.se = H3.H2.TEST.H5L.SE
  71         .h4.h2.test.h5l.se = H4.H2.TEST.H5L.SE
  72         .example.com = TEST2.H5L.SE
  73         localhost = TEST.H5L.SE
  74         .localdomain = TEST.H5L.SE
  75         localdomain = TEST.H5L.SE
  76         .localdomain6 = TEST.H5L.SE
  77         localdomain6 = TEST.H5L.SE
  78
  79
  80 [kdc]
  81         enable-digest = true
  82         allow-anonymous = true
  83         digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
  84         strict-nametypes = true
  85
  86         enable-http = true
  87
  88         synthetic_clients = true
  89
  90         enable_gss_preauth = true
  91         gss_mechanisms_allowed = sanon-x25519
  92
  93         enable-pkinit = true
  94         pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
  95         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
  96         pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
  97 #       pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
  98         pkinit_mappings_file = @srcdir@/pki-mapping
  99         pkinit_allow_proxy_certificate = true
 100
 101         database = {
 102                 label = {
 103                         dbname = @db_type@:@objdir@/current-db@kdc@
 104                         realm = TEST.H5L.SE
 105                         mkey_file = @objdir@/mkey.file
 106                         acl_file = @srcdir@/heimdal.acl
 107                         log_file = @objdir@/current@kdc@.log
 108                 }
 109                 label2 = {
 110                         dbname = @db_type@:@objdir@/current-db@kdc@
 111                         realm = TEST2.H5L.SE
 112                         mkey_file = @objdir@/mkey.file
 113                         acl_file = @srcdir@/heimdal.acl
 114                         log_file = @objdir@/current@kdc@.log
 115                 }
 116                 label3 = {
 117                         dbname = sqlite:@objdir@/current-db@kdc@.sqlite3
 118                         realm = SOME-REALM5.FR
 119                         mkey_file = @objdir@/mkey.file
 120                         acl_file = @srcdir@/heimdal.acl
 121                         log_file = @objdir@/current@kdc@.log
 122                 }
 123         }
 124
 125         signal_socket = @objdir@/@signalsocket@
 126         iprop-stats = @objdir@/@ipropstats@
 127         iprop-acl = @srcdir@/iprop-acl
 128         log-max-size = 40000
 129
 130 [hdb]
 131         db-dir = @objdir@
 132         enable_virtual_hostbased_princs = true
 133         virtual_hostbased_princ_mindots = 1
 134         virtual_hostbased_princ_maxdots = 3
 135
 136 [logging]
 137         kdc = 0-/FILE:@objdir@/@messages@.log
 138         krb5 = 0-/FILE:@objdir@/@messages@.log
 139         default = 0-/FILE:@objdir@/@messages@.log
 140
 141 # If you are doing preformance measurements on OSX you want to change
 142 # the kdc LOG line from = to - below to keep the FILE open and avoid
 143 # open/write/close which is blocking (rdar:// ) on OSX.
 144 #       kdc = 0-/FILE=@objdir@/@messages@.log
 145
 146 [kadmin]
 147         save-password = true
 148         default_key_rules = {
 149                 */des3-only@* = des3-cbc-sha1:pw-salt
 150                 */aes-only@* = aes256-cts-hmac-sha1-96:pw-salt
 151         }
 152         @dk@
 153
 154 [capaths]
 155         TEST.H5L.SE = {
 156                 TEST2.H5L.SE = .
 157                 SOME-REALM5.FR = 1
 158                 TEST3.H5L.SE = TEST2.H5L.SE
 159                 TEST4.H5L.SE = TEST2.H5L.SE
 160                 TEST4.H5L.SE = TEST3.H5L.SE
 161                 SOME-REALM6.US = SOME-REALM5.FR
 162                 SOME-REALM7.UK = SOME-REALM6.US
 163                 SOME-REALM7.UK = SOME-REALM5.FR
 164                 SOME-REALM8.UK = SOME-REALM6.US
 165         }
 166         H4.H2.TEST.H5L.SE = {
 167                 H1.TEST.H5L.SE = H3.H2.TEST.H5L.SE
 168                 H1.TEST.H5L.SE = H2.TEST.H5L.SE
 169                 H1.TEST.H5L.SE = TEST.H5L.SE
 170
 171                 TEST.H5L.SE = H3.H2.TEST.H5L.SE
 172                 TEST.H5L.SE = H2.TEST.H5L.SE
 173
 174                 H2.TEST.H5L.SE = H3.H2.TEST.H5L.SE
 175         }