blob: aae031db645ebe06da1862f268de1d2e59d26682 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
include @srcdirabs@/include-krb5.conf
[libdefaults]
default_keytab_name = @objdir@/server.keytab
enable-kx509 = yes
kx509_store = PEM-FILE:/tmp/cert_%{euid}.pem
default_realm = TEST.H5L.SE
kuserok = SYSTEM-K5LOGIN:@srcdir@/../kdc/k5login
kuserok = USER-K5LOGIN
kuserok = SIMPLE
[realms]
TEST.H5L.SE = {
kdc = localhost:@port@
auth_to_local_names = {
user1 = mapped_user1
}
}
[kdc]
enable-digest = true
allow-anonymous = true
digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
strict-nametypes = true
synthetic_clients = true
enable_gss_preauth = true
gss_mechanisms_allowed = sanon-x25519
enable-pkinit = true
pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
pkinit_mappings_file = @srcdir@/pki-mapping
pkinit_allow_proxy_certificate = true
database = {
dbname = @objdir@/current-db
realm = TEST.H5L.SE
mkey_file = @objdir@/mkey.file
log_file = @objdir@/current.log
}
[hdb]
db-dir = @objdir@
enable_virtual_hostbased_princs = true
virtual_hostbased_princ_mindots = 1
virtual_hostbased_princ_maxdots = 3
[logging]
kdc = 0-/FILE:@objdir@/messages.log
default = 0-/FILE:@objdir@/messages.log
include @srcdirabs@/missing-krb5.conf
|