add possible to set rules on what enctypes to use based on glob matching on principal
[heimdal.git] / tests / kdc / krb5.conf.in
# Client library defaults for the KDC test suite. The @NAME@ tokens in this
# template are presumably substituted when the harness generates krb5.conf.
1 [libdefaults]
2         default_realm = TEST.H5L.SE TEST2.H5L.SE
3         no-addresses = TRUE
# Weak enctypes are toggled per test run through @WEAK@. Outside a test
# harness this should stay false so legacy ciphers such as single DES
# remain disabled.
4         allow_weak_crypto = @WEAK@
# DNS discovery is off, so KDC and realm lookups rely on the [realms] and
# [domain_realm] entries in this file.
5         dns_lookup_kdc = no
6         dns_lookup_realm = no
# Application defaults: the test CA certificate used as the PKINIT trust
# anchor, plus reconnect timing values (their consumer is not shown here).
9 [appdefaults]
10         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
11         reconnect-min = 2s
12         reconnect-backoff = 2s
13         reconnect-max = 10s
# Every test realm is served from localhost on templated ports, so no
# traffic leaves the machine running the tests.
15 [realms]
16         TEST.H5L.SE = {
17                 kdc = localhost:@port@
18                 admin_server = localhost:@admport@
19                 kpasswd_server = localhost:@pwport@
20         }
21         SUB.TEST.H5L.SE = {
22                 kdc = localhost:@port@
23         }
24         TEST2.H5L.SE = {
25                 kdc = localhost:@port@
26                 kpasswd_server = localhost:@pwport@
27         }
28         TEST3.H5L.SE = {
29                 kdc = localhost:@port@
30         }
31         TEST4.H5L.SE = {
32                 kdc = localhost:@port@
33         }
34         SOME-REALM5.FR = {
35                 kdc = localhost:@port@
36         }
37         SOME-REALM6.US = {
38                 kdc = localhost:@port@
39         }
40         SOME-REALM7.UK = {
41                 kdc = localhost:@port@
42         }
# The http/ prefix selects the HTTP transport to the KDC; it pairs with
# enable-http in the [kdc] section of this file.
43         TEST-HTTP.H5L.SE = {
44                 kdc = http/localhost:@port@
45         }
# Host and domain suffix to realm mapping. Entries with a leading dot match
# a whole domain; entries without one match that exact name.
# localhost and the localdomain variants all resolve to TEST.H5L.SE.
47 [domain_realm]
48         .test.h5l.se = TEST.H5L.SE
49         .sub.test.h5l.se = SUB.TEST.H5L.SE
50         .example.com = TEST2.H5L.SE
51         localhost = TEST.H5L.SE
52         .localdomain = TEST.H5L.SE
53         localdomain = TEST.H5L.SE
54         .localdomain6 = TEST.H5L.SE
55         localdomain6 = TEST.H5L.SE
56         
# KDC settings for the test suite. Several options below widen the attack
# surface on purpose for test coverage and are not a baseline for a
# production KDC.
58 [kdc]
# The digest service is on, and the allowed list includes legacy
# challenge-response mechanisms (CHAP-MD5, NTLMv1, MS-CHAPv2). A deployed
# KDC should list only the mechanisms it actually needs.
59         enable-digest = true
# Anonymous ticket requests are accepted.
60         allow-anonymous = true
61         digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
63         enable-http = true
# PKINIT uses the certificate and private key shipped as hx509 test data in
# the source tree. These are test credentials only.
65         enable-pkinit = true
66         pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
67         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
68         pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
# NOTE(review): pkinit_revoke is commented out, so no CRL is configured in
# this file and revoked client certificates are presumably not rejected.
# Confirm this is intended for the tests.
69 #       pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
70         pkinit_mappings_file = @srcdir@/pki-mapping
# Proxy certificates are accepted for PKINIT, which extends trust to
# certificates issued by end entities rather than by a CA.
71         pkinit_allow_proxy_certificate = true
# Three database definitions. label and label2 point at the same dbname,
# master key, ACL and log files but serve different realms; label3 uses the
# sqlite backend. All three share one master key file.
73         database = {
74                 label = { 
75                         dbname = @objdir@/current-db@kdc@
76                         realm = TEST.H5L.SE
77                         mkey_file = @objdir@/mkey.file
78                         acl_file = @srcdir@/heimdal.acl
79                         log_file = @objdir@/current@kdc@.log
80                 }
81                 label2 = { 
82                         dbname = @objdir@/current-db@kdc@
83                         realm = TEST2.H5L.SE
84                         mkey_file = @objdir@/mkey.file
85                         acl_file = @srcdir@/heimdal.acl
86                         log_file = @objdir@/current@kdc@.log
87                 }
88                 label3 = { 
89                         dbname = sqlite:@objdir@/current-db@kdc@.sqlite3
90                         realm = SOME-REALM5.FR
91                         mkey_file = @objdir@/mkey.file
92                         acl_file = @srcdir@/heimdal.acl
93                         log_file = @objdir@/current@kdc@.log
94                 }
95         }
# Runtime socket and iprop (database propagation) state live in the build
# directory; the iprop ACL comes from the source tree.
97         signal_socket = @objdir@/signal
98         iprop-stats = @objdir@/iprop-stats
99         iprop-acl = @srcdir@/iprop-acl
# Database directory: the templated build directory, which also holds the
# master key file and logs referenced elsewhere in this file.
101 [hdb]
102         db-dir = @objdir@
# The kdc, krb5 and default log channels all write to one file under
# @objdir@.
104 [logging]
105         kdc = 0-/FILE:@objdir@/messages.log
106         krb5 = 0-/FILE:@objdir@/messages.log
107         default = 0-/FILE:@objdir@/messages.log
109 # If you are doing performance measurements on OSX you want to change
110 # the kdc LOG line from = to - below to keep the FILE open and avoid
111 # open/write/close which is blocking (rdar:// ) on OSX.
# NOTE(review): the example below differs from the active kdc line only in
# using FILE= where the active line uses FILE:, so the "from = to -" wording
# above does not match it. Confirm which form is meant.
112 #       kdc = 0-/FILE=@objdir@/messages.log
# kadmin settings, including per-principal key rules.
114 [kadmin]
# NOTE(review): save-password presumably makes kadmin keep the password in
# the database entry; confirm. Retained passwords raise the impact of a
# database or master-key compromise, so this belongs in test setups only.
115         save-password = true
# Each rule maps a glob on the principal name to the enctype:salt list used
# when keys are created. Here an instance of des3-only gets only a
# des3-cbc-sha1 key and an instance of aes-only gets only an
# aes256-cts-hmac-sha1-96 key. des3-cbc-sha1 is a legacy enctype, so a rule
# like the first one should not be copied into a production policy.
116         default_key_rules = {
117                 */des3-only@* = des3-cbc-sha1:pw-salt
118                 */aes-only@* = aes256-cts-hmac-sha1-96:pw-salt
119         }
# @dk@ is a template placeholder; its expansion is not visible in this file.
120         @dk@
# Cross-realm authentication paths as seen from TEST.H5L.SE. Each key is a
# destination realm and each value is an intermediate realm to transit;
# a value of . means the realm is reached directly.
122 [capaths]
123         TEST.H5L.SE = {
124                 TEST2.H5L.SE = .
# NOTE(review): 1 is not a realm defined in [realms]; confirm the intent.
125                 SOME-REALM5.FR = 1
126                 TEST3.H5L.SE = TEST2.H5L.SE
# TEST4.H5L.SE appears twice deliberately: repeated keys in capaths list
# successive intermediate realms (here TEST2, then TEST3).
127                 TEST4.H5L.SE = TEST2.H5L.SE
128                 TEST4.H5L.SE = TEST3.H5L.SE
129                 SOME-REALM6.US = SOME-REALM5.FR
130                 SOME-REALM7.UK = SOME-REALM6.US
131         }