diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
commit | 8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch) | |
tree | 4099e8021376c7d8c05bdf8503093d80e9c7bad0 /third_party/heimdal/tests/kdc/krb5-kcm.conf.in | |
parent | Initial commit. (diff) | |
download | samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip |
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/heimdal/tests/kdc/krb5-kcm.conf.in')
-rw-r--r-- | third_party/heimdal/tests/kdc/krb5-kcm.conf.in | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/third_party/heimdal/tests/kdc/krb5-kcm.conf.in b/third_party/heimdal/tests/kdc/krb5-kcm.conf.in new file mode 100644 index 0000000..bdcca07 --- /dev/null +++ b/third_party/heimdal/tests/kdc/krb5-kcm.conf.in @@ -0,0 +1,165 @@ +[libdefaults] + default_realm = TEST.H5L.SE TEST2.H5L.SE + default_ccache_name = KCM:%{uid} + no-addresses = TRUE + allow_weak_crypto = @WEAK@ + dns_lookup_kdc = no + dns_lookup_realm = no + + +[appdefaults] + pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt + reconnect-min = 2s + reconnect-backoff = 2s + reconnect-max = 10s + +[realms] + TEST.H5L.SE = { + kdc = localhost:@port@ + admin_server = localhost:@admport@ + kpasswd_server = localhost:@pwport@ + } + SUB.TEST.H5L.SE = { + kdc = localhost:@port@ + } + TEST2.H5L.SE = { + kdc = localhost:@port@ + kpasswd_server = localhost:@pwport@ + } + TEST3.H5L.SE = { + kdc = localhost:@port@ + } + TEST4.H5L.SE = { + kdc = localhost:@port@ + } + SOME-REALM5.FR = { + kdc = localhost:@port@ + } + SOME-REALM6.US = { + kdc = localhost:@port@ + } + SOME-REALM7.UK = { + kdc = localhost:@port@ + } + SOME-REALM8.UK = { + kdc = localhost:@port@ + } + TEST-HTTP.H5L.SE = { + kdc = http/localhost:@port@ + } + H1.TEST.H5L.SE = { + kdc = localhost:@port@ + } + H2.TEST.H5L.SE = { + kdc = localhost:@port@ + } + H3.H2.TEST.H5L.SE = { + kdc = localhost:@port@ + } + H4.H2.TEST.H5L.SE = { + kdc = localhost:@port@ + } + +[domain_realm] + .test.h5l.se = TEST.H5L.SE + .sub.test.h5l.se = SUB.TEST.H5L.SE + .h1.test.h5l.se = H1.TEST.H5L.SE + .h2.test.h5l.se = H2.TEST.H5L.SE + .h3.h2.test.h5l.se = H3.H2.TEST.H5L.SE + .h4.h2.test.h5l.se = H4.H2.TEST.H5L.SE + .example.com = TEST2.H5L.SE + localhost = TEST.H5L.SE + .localdomain = TEST.H5L.SE + localdomain = TEST.H5L.SE + .localdomain6 = TEST.H5L.SE + localdomain6 = TEST.H5L.SE + + +[kdc] + enable-digest = true + allow-anonymous = true + digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2 + strict-nametypes = true + + enable-http = true + + enable-pkinit = true + pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key + pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt + pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt +# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl + pkinit_mappings_file = @srcdir@/pki-mapping + pkinit_allow_proxy_certificate = true + + database = { + label = { + dbname = @db_type@:@objdir@/current-db@kdc@ + realm = TEST.H5L.SE + mkey_file = @objdir@/mkey.file + acl_file = @srcdir@/heimdal.acl + log_file = @objdir@/current@kdc@.log + } + label2 = { + dbname = @db_type@:@objdir@/current-db@kdc@ + realm = TEST2.H5L.SE + mkey_file = @objdir@/mkey.file + acl_file = @srcdir@/heimdal.acl + log_file = @objdir@/current@kdc@.log + } + label3 = { + dbname = sqlite:@objdir@/current-db@kdc@.sqlite3 + realm = SOME-REALM5.FR + mkey_file = @objdir@/mkey.file + acl_file = @srcdir@/heimdal.acl + log_file = @objdir@/current@kdc@.log + } + } + + signal_socket = @objdir@/signal + iprop-stats = @objdir@/iprop-stats + iprop-acl = @srcdir@/iprop-acl + log-max-size = 40000 + +[hdb] + db-dir = @objdir@ + +[logging] + kdc = 0-/FILE:@objdir@/messages.log + krb5 = 0-/FILE:@objdir@/messages.log + default = 0-/FILE:@objdir@/messages.log + +# If you are doing preformance measurements on OSX you want to change +# the kdc LOG line from = to - below to keep the FILE open and avoid +# open/write/close which is blocking (rdar:// ) on OSX. +# kdc = 0-/FILE=@objdir@/messages.log + +[kadmin] + save-password = true + default_key_rules = { + */des3-only@* = des3-cbc-sha1:pw-salt + */aes-only@* = aes256-cts-hmac-sha1-96:pw-salt + } + @dk@ + +[capaths] + TEST.H5L.SE = { + TEST2.H5L.SE = . + SOME-REALM5.FR = 1 + TEST3.H5L.SE = TEST2.H5L.SE + TEST4.H5L.SE = TEST2.H5L.SE + TEST4.H5L.SE = TEST3.H5L.SE + SOME-REALM6.US = SOME-REALM5.FR + SOME-REALM7.UK = SOME-REALM6.US + SOME-REALM7.UK = SOME-REALM5.FR + SOME-REALM8.UK = SOME-REALM6.US + } + H4.H2.TEST.H5L.SE = { + H1.TEST.H5L.SE = H3.H2.TEST.H5L.SE + H1.TEST.H5L.SE = H2.TEST.H5L.SE + H1.TEST.H5L.SE = TEST.H5L.SE + + TEST.H5L.SE = H3.H2.TEST.H5L.SE + TEST.H5L.SE = H2.TEST.H5L.SE + + H2.TEST.H5L.SE = H3.H2.TEST.H5L.SE + } |