| blob | c7895c56cdf6e788eaa21e44b40c6f499b6ef3b7 |
1 [libdefaults]
2 default_realm = TEST.H5L.SE TEST2.H5L.SE
3 no-addresses = TRUE
4 allow_weak_crypto = @WEAK@
5 dns_lookup_kdc = no
6 dns_lookup_realm = no
9 [appdefaults]
10 pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
11 reconnect-min = 2s
12 reconnect-backoff = 2s
13 reconnect-max = 10s
15 [realms]
16 TEST.H5L.SE = {
17 kdc = localhost:@port@
18 admin_server = localhost:@admport@
19 kpasswd_server = localhost:@pwport@
20 }
21 SUB.TEST.H5L.SE = {
22 kdc = localhost:@port@
23 }
24 TEST2.H5L.SE = {
25 kdc = localhost:@port@
26 kpasswd_server = localhost:@pwport@
27 }
28 TEST3.H5L.SE = {
29 kdc = localhost:@port@
30 }
31 TEST4.H5L.SE = {
32 kdc = localhost:@port@
33 }
34 SOME-REALM5.FR = {
35 kdc = localhost:@port@
36 }
37 SOME-REALM6.US = {
38 kdc = localhost:@port@
39 }
40 SOME-REALM7.UK = {
41 kdc = localhost:@port@
42 }
43 TEST-HTTP.H5L.SE = {
44 kdc = http/localhost:@port@
45 }
47 [domain_realm]
48 .test.h5l.se = TEST.H5L.SE
49 .sub.test.h5l.se = SUB.TEST.H5L.SE
50 .example.com = TEST2.H5L.SE
51 localhost = TEST.H5L.SE
52 .localdomain = TEST.H5L.SE
53 localdomain = TEST.H5L.SE
54 .localdomain6 = TEST.H5L.SE
55 localdomain6 = TEST.H5L.SE
58 [kdc]
59 enable-digest = true
60 allow-anonymous = true
61 digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
63 enable-http = true
65 enable-pkinit = true
66 pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
67 pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
68 pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
69 # pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
70 pkinit_mappings_file = @srcdir@/pki-mapping
71 pkinit_allow_proxy_certificate = true
73 database = {
74 label = {
75 dbname = @objdir@/current-db@kdc@
76 realm = TEST.H5L.SE
77 mkey_file = @objdir@/mkey.file
78 acl_file = @srcdir@/heimdal.acl
79 log_file = @objdir@/current@kdc@.log
80 }
81 label2 = {
82 dbname = @objdir@/current-db@kdc@
83 realm = TEST2.H5L.SE
84 mkey_file = @objdir@/mkey.file
85 acl_file = @srcdir@/heimdal.acl
86 log_file = @objdir@/current@kdc@.log
87 }
88 label3 = {
89 dbname = sqlite:@objdir@/current-db@kdc@.sqlite3
90 realm = SOME-REALM5.FR
91 mkey_file = @objdir@/mkey.file
92 acl_file = @srcdir@/heimdal.acl
93 log_file = @objdir@/current@kdc@.log
94 }
95 }
97 signal_socket = @objdir@/signal
98 iprop-stats = @objdir@/iprop-stats
99 iprop-acl = @srcdir@/iprop-acl
101 [hdb]
102 db-dir = @objdir@
104 [logging]
105 kdc = 0-/FILE:@objdir@/messages.log
106 krb5 = 0-/FILE:@objdir@/messages.log
107 default = 0-/FILE:@objdir@/messages.log
109 # If you are doing preformance measurements on OSX you want to change
110 # the kdc LOG line from = to - below to keep the FILE open and avoid
111 # open/write/close which is blocking (rdar:// ) on OSX.
112 # kdc = 0-/FILE=@objdir@/messages.log
114 [kadmin]
115 save-password = true
116 default_key_rules = {
117 */des3-only@* = des3-cbc-sha1:pw-salt
118 */aes-only@* = aes256-cts-hmac-sha1-96:pw-salt
119 }
120 @dk@
122 [capaths]
123 TEST.H5L.SE = {
124 TEST2.H5L.SE = .
125 SOME-REALM5.FR = 1
126 TEST3.H5L.SE = TEST2.H5L.SE
127 TEST4.H5L.SE = TEST2.H5L.SE
128 TEST4.H5L.SE = TEST3.H5L.SE
129 SOME-REALM6.US = SOME-REALM5.FR
130 SOME-REALM7.UK = SOME-REALM6.US
131 }