diff options
Diffstat (limited to 'third_party/heimdal/tests/kdc/krb5-canon.conf.in')
| -rw-r--r-- | third_party/heimdal/tests/kdc/krb5-canon.conf.in | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/third_party/heimdal/tests/kdc/krb5-canon.conf.in b/third_party/heimdal/tests/kdc/krb5-canon.conf.in new file mode 100644 index 0000000..0ce45b5 --- /dev/null +++ b/third_party/heimdal/tests/kdc/krb5-canon.conf.in @@ -0,0 +1,100 @@ +[libdefaults] + default_realm = TEST.H5L.SE TEST2.H5L.SE + no-addresses = TRUE + dns_lookup_realm = no + name_canon_rules = as-is:realm=TEST.H5L.SE + name_canon_rules = as-is:realm=TEST2.H5L.SE + name_canon_rules = as-is:realm=TEST3.H5L.SE + name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST.H5L.SE + name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST2.H5L.SE + name_canon_rules = qualify:domain=test2.h5l.se:realm=TEST2.H5L.SE + name_canon_rules = qualify:domain=test3.h5l.se:realm=TEST3.H5L.SE + +[appdefaults] + pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt + reconnect-min = 2s + reconnect-backoff = 2s + reconnect-max = 10s + +[realms] + TEST.H5L.SE = { + kdc = localhost:@port@ + admin_server = localhost:@admport@ + kpasswd_server = localhost:@pwport@ + } + TEST2.H5L.SE = { + kdc = localhost:@port@ + kpasswd_server = localhost:@pwport@ + } + TEST3.H5L.SE = { + kdc = localhost:@port@ + } + +[domain_realm] + .test1.h5l.se = TEST.H5L.SE + .test2.h5l.se = TEST2.H5L.SE + .test3.h5l.se = TEST3.H5L.SE + localhost = TEST.H5L.SE + + +[kdc] + enable-digest = true + allow-anonymous = true + digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2 + strict-nametypes = true + + enable-http = true + + enable-pkinit = true + pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key + pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt + pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt +# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl + pkinit_mappings_file = @srcdir@/pki-mapping + pkinit_allow_proxy_certificate = true + + database = { + label = { + dbname = @objdir@/current-db@kdc@ + realm = TEST.H5L.SE + mkey_file = @objdir@/mkey.file + acl_file = @srcdir@/heimdal.acl + log_file = @objdir@/current@kdc@.log + } + label2 = { + dbname = @objdir@/current-db@kdc@ + realm = TEST2.H5L.SE + mkey_file = @objdir@/mkey.file + acl_file = @srcdir@/heimdal.acl + log_file = @objdir@/current@kdc@.log + } + } + + signal_socket = @objdir@/signal + iprop-stats = @objdir@/iprop-stats + iprop-acl = @srcdir@/iprop-acl + +[hdb] + db-dir = @objdir@ + +[logging] + kdc = 0-/FILE:@objdir@/messages.log + default = 0-/FILE:@objdir@/messages.log + +[kadmin] + save-password = true + @dk@ + +[capaths] + TEST.H5L.SE = { + TEST3.H5L.SE = . + TEST2.H5L.SE = . + } + TEST2.H5L.SE = { + TEST.H5L.SE = . + TEST3.H5L.SE = . + } + TEST3.H5L.SE = { + TEST.H5L.SE = . + TEST2.H5L.SE = . + } |