[libdefaults] default_realm = _@_KRB5_REALM_@_ allow_weak_crypto = true default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc ticket_lifetime = 24h # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new # encryption types as they are added, creating interoperability problems. # default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 # default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 # permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] _@_KRB5_REALM_@_ = { kdc = kdc._@_SRV_DOMAIN_@_ admin_server = kas._@_SRV_DOMAIN_@_ database_module = ldap_kerberos.ma3.lliurex.net } [domain_realm] ._@_SRV_DOMAIN_@_ = _@_KRB5_REALM_@_ _@_SRV_DOMAIN_@_ = _@_KRB5_REALM_@_ [dbmodules] ldap_kerberos.ma3.lliurex.net = { db_library = kldap ldap_kerberos_container_dn = cn=krbcontainer,_@_LDAP_BASE_DN_@_ ldap_kdc_dn = cn=admin,_@_LDAP_BASE_DN_@_ ldap_kadmind_dn = cn=admin,_@_LDAP_BASE_DN_@_ ldap_service_password_file = /etc/krb5.secrets ldap_servers = ldaps://127.0.0.1 ldap_conns_per_server = 5 } [login] krb4_convert = false krb4_get_tickets = false [logging] kdc = SYSLOG:INFO:DAEMON admin_server = SYSLOG:INFO:DAEMON default = SYSLOG:INFO:DAEMON