diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-01-19 13:15:45 +0100 |
---|---|---|
committer | Joseph Sutton <jsutton@samba.org> | 2022-01-19 21:41:59 +0000 |
commit | 7055827b8ffd3823c1240ba3f0b619dd6068cd51 (patch) | |
tree | abb14aa7455bde7b1b33b706123c57ccfc28fcaa /third_party/heimdal/tests/kdc/krb5-pkinit.conf.in | |
parent | 1954e50f266256c9e153c9613f49f9d9f5dbf67b (diff) | |
download | samba-7055827b8ffd3823c1240ba3f0b619dd6068cd51.tar.gz |
HEIMDAL: move code from source4/heimdal* to third_party/heimdal*
This makes it clearer that we always want to do heimdal changes
via the lorikeet-heimdal repository.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
Diffstat (limited to 'third_party/heimdal/tests/kdc/krb5-pkinit.conf.in')
-rw-r--r-- | third_party/heimdal/tests/kdc/krb5-pkinit.conf.in | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/third_party/heimdal/tests/kdc/krb5-pkinit.conf.in b/third_party/heimdal/tests/kdc/krb5-pkinit.conf.in new file mode 100644 index 00000000000..fbc21277a3d --- /dev/null +++ b/third_party/heimdal/tests/kdc/krb5-pkinit.conf.in @@ -0,0 +1,80 @@ +[libdefaults] + default_realm = TEST.H5L.SE + no-addresses = TRUE + allow_weak_crypto = TRUE + enable_kx509 = true + +[appdefaults] + pkinit_anchors = FILE:@objdir@/ca.crt + +[realms] + TEST.H5L.SE = { + kdc = localhost:@port@ + pkinit_win2k = @w2k@ + } + +[kdc] + strict-nametypes = true + synthetic_clients = true + enable-pkinit = true + pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der + pkinit_anchors = FILE:@objdir@/ca.crt + pkinit_mappings_file = @srcdir@/pki-mapping + pkinit_max_life_from_cert_extension = true + pkinit_max_life_from_cert = @max_life_from_cert@ + + plugin_dir = @objdir@/../../kdc/.libs + + simple_csr_authorizer_directory = @objdir@/simple_csr_authz + + enable_kx509 = true + require_initial_kca_tickets = false + + database = { + dbname = @objdir@/current-db + realm = TEST.H5L.SE + mkey_file = @objdir@/mkey.file + log_file = @objdir@/log.current-db.log + } + + + realms = { + TEST.H5L.SE = { + negotiate_token_validator = { + keytab = HDBGET:@objdir@/current-db + } + kx509 = { + user = { + include_pkinit_san = true + subject_name = CN=${principal-name-without-realm},DC=TEST,DC=H5L,DC=SE + ekus = 1.3.6.1.5.5.7.3.2 + ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der + template_cert = FILE:@objdir@/kx509-template.crt + } + hostbased_service = { + HTTP = { + include_dnsname_san = true + ekus = 1.3.6.1.5.5.7.3.1 + ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der + } + } + client = { + ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der + } + server = { + ekus = 1.3.6.1.5.5.7.3.1 + ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der + } + } + } + } + +[hdb] + db-dir = @objdir@ + +[logging] + kdc = 0-/FILE:@objdir@/messages.log + default = 0-/FILE:@objdir@/messages.log + +[kadmin] + save-password = true |