summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/tests/kdc/krb5-canon.conf.in
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/tests/kdc/krb5-canon.conf.in')
-rw-r--r--third_party/heimdal/tests/kdc/krb5-canon.conf.in100
1 files changed, 100 insertions, 0 deletions
diff --git a/third_party/heimdal/tests/kdc/krb5-canon.conf.in b/third_party/heimdal/tests/kdc/krb5-canon.conf.in
new file mode 100644
index 0000000..0ce45b5
--- /dev/null
+++ b/third_party/heimdal/tests/kdc/krb5-canon.conf.in
@@ -0,0 +1,100 @@
+[libdefaults]
+ default_realm = TEST.H5L.SE TEST2.H5L.SE
+ no-addresses = TRUE
+ dns_lookup_realm = no
+ name_canon_rules = as-is:realm=TEST.H5L.SE
+ name_canon_rules = as-is:realm=TEST2.H5L.SE
+ name_canon_rules = as-is:realm=TEST3.H5L.SE
+ name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST.H5L.SE
+ name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST2.H5L.SE
+ name_canon_rules = qualify:domain=test2.h5l.se:realm=TEST2.H5L.SE
+ name_canon_rules = qualify:domain=test3.h5l.se:realm=TEST3.H5L.SE
+
+[appdefaults]
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ reconnect-min = 2s
+ reconnect-backoff = 2s
+ reconnect-max = 10s
+
+[realms]
+ TEST.H5L.SE = {
+ kdc = localhost:@port@
+ admin_server = localhost:@admport@
+ kpasswd_server = localhost:@pwport@
+ }
+ TEST2.H5L.SE = {
+ kdc = localhost:@port@
+ kpasswd_server = localhost:@pwport@
+ }
+ TEST3.H5L.SE = {
+ kdc = localhost:@port@
+ }
+
+[domain_realm]
+ .test1.h5l.se = TEST.H5L.SE
+ .test2.h5l.se = TEST2.H5L.SE
+ .test3.h5l.se = TEST3.H5L.SE
+ localhost = TEST.H5L.SE
+
+
+[kdc]
+ enable-digest = true
+ allow-anonymous = true
+ digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
+ strict-nametypes = true
+
+ enable-http = true
+
+ enable-pkinit = true
+ pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
+# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
+ pkinit_mappings_file = @srcdir@/pki-mapping
+ pkinit_allow_proxy_certificate = true
+
+ database = {
+ label = {
+ dbname = @objdir@/current-db@kdc@
+ realm = TEST.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
+ label2 = {
+ dbname = @objdir@/current-db@kdc@
+ realm = TEST2.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
+ }
+
+ signal_socket = @objdir@/signal
+ iprop-stats = @objdir@/iprop-stats
+ iprop-acl = @srcdir@/iprop-acl
+
+[hdb]
+ db-dir = @objdir@
+
+[logging]
+ kdc = 0-/FILE:@objdir@/messages.log
+ default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+ save-password = true
+ @dk@
+
+[capaths]
+ TEST.H5L.SE = {
+ TEST3.H5L.SE = .
+ TEST2.H5L.SE = .
+ }
+ TEST2.H5L.SE = {
+ TEST.H5L.SE = .
+ TEST3.H5L.SE = .
+ }
+ TEST3.H5L.SE = {
+ TEST.H5L.SE = .
+ TEST2.H5L.SE = .
+ }
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-08 23:40:30 +0000