path: root/third_party/heimdal/tests/kdc/krb5-canon.conf.in
blob: 0ce45b58c24883cec8cc9513f64decb388fbadf5 (plain)
# Client-library defaults used by the KDC tests that read this template
# (the name_canon_rules below suggest it drives name-canonicalization tests).
[libdefaults]
# NOTE(review): two realm names on one line; presumably deliberate for these
# tests - confirm how the consuming library treats the second token.
	default_realm = TEST.H5L.SE TEST2.H5L.SE
# Request tickets without host addresses.
	no-addresses = TRUE
# No DNS lookups for host-to-realm mapping; the test relies on the static
# rules and mappings in this file instead.
	dns_lookup_realm = no
# Repeated key: each line contributes one rule. Two rule kinds appear here,
# "as-is" (realm only) and "qualify" (domain plus realm). Note that
# test1.h5l.se is qualified into both TEST.H5L.SE and TEST2.H5L.SE.
# Presumably the rules are tried in the order listed - TODO confirm.
	name_canon_rules = as-is:realm=TEST.H5L.SE
	name_canon_rules = as-is:realm=TEST2.H5L.SE
	name_canon_rules = as-is:realm=TEST3.H5L.SE
	name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST.H5L.SE
	name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST2.H5L.SE
	name_canon_rules = qualify:domain=test2.h5l.se:realm=TEST2.H5L.SE
	name_canon_rules = qualify:domain=test3.h5l.se:realm=TEST3.H5L.SE

# Per-application defaults.
[appdefaults]
# Trust anchor for PKINIT on the client side: the CA certificate shipped with
# the hx509 test data in the source tree (a test CA, not a production root).
	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
# Reconnect timings, all expressed with an "s" (seconds) suffix.
# NOTE(review): the consumer of these keys is not visible in this file;
# the short values look chosen to keep test runs fast - confirm.
	reconnect-min = 2s
	reconnect-backoff = 2s
	reconnect-max = 10s

# Three test realms, all served from localhost. Every realm uses the same KDC
# port placeholder, so a single KDC instance answers for all of them. The
# port values are template placeholders filled in when the test
# configuration is generated from this .in file.
# Only TEST.H5L.SE defines an admin_server; TEST3.H5L.SE defines neither an
# admin_server nor a kpasswd_server.
[realms]
	TEST.H5L.SE = {
		kdc = localhost:@port@
		admin_server = localhost:@admport@
		kpasswd_server = localhost:@pwport@
	}
	TEST2.H5L.SE = {
		kdc = localhost:@port@
		kpasswd_server = localhost:@pwport@
	}
	TEST3.H5L.SE = {
		kdc = localhost:@port@
	}

# Static host/domain-to-realm mapping (DNS realm lookup is disabled in
# [libdefaults]). A leading dot matches every host under that domain;
# the bare name "localhost" is mapped to TEST.H5L.SE.
[domain_realm]
	.test1.h5l.se = TEST.H5L.SE
	.test2.h5l.se = TEST2.H5L.SE
	.test3.h5l.se = TEST3.H5L.SE
	localhost = TEST.H5L.SE
	

# KDC settings for the test suite. Several options below are deliberately
# permissive so the tests can exercise optional code paths; they describe a
# throwaway localhost KDC and are not a baseline for a deployed one.
[kdc]
# Digest service with legacy mechanisms enabled (chap-md5, digest-md5,
# ntlm-v1, ms-chap-v2). These are weak by current standards; a real KDC
# would normally leave the digest service off or restrict the list.
	enable-digest = true
# Anonymous ticket requests are accepted.
	allow-anonymous = true
	digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
# Strict checking of principal name types (the one hardening-style switch
# turned on in this section).
        strict-nametypes = true

# The KDC also answers requests over HTTP.
	enable-http = true

# PKINIT: the KDC identity (certificate and private key), trust anchor and
# intermediate pool all come from the hx509 test data in the source tree,
# i.e. key material that is public by construction.
	enable-pkinit = true
	pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
	pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
# Revocation source is commented out, so no CRL is configured for PKINIT in
# this setup; as far as this file shows, a revoked client certificate would
# not be rejected on CRL grounds.
#	pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
	pkinit_mappings_file = @srcdir@/pki-mapping
# Proxy certificates are accepted for PKINIT, which widens the set of
# certificates that can authenticate.
	pkinit_allow_proxy_certificate = true

# Two database stanzas that differ only in realm: both point at the same
# database file, master-key file, ACL file and log file.
	database = {
		label = { 
			dbname = @objdir@/current-db@kdc@
			realm = TEST.H5L.SE
			mkey_file = @objdir@/mkey.file
			acl_file = @srcdir@/heimdal.acl
			log_file = @objdir@/current@kdc@.log
		}
		label2 = { 
			dbname = @objdir@/current-db@kdc@
			realm = TEST2.H5L.SE
			mkey_file = @objdir@/mkey.file
			acl_file = @srcdir@/heimdal.acl
			log_file = @objdir@/current@kdc@.log
		}
	}

# Runtime files for incremental propagation (iprop) live in the build
# directory; the iprop ACL is read from the source tree.
	signal_socket = @objdir@/signal
	iprop-stats = @objdir@/iprop-stats
	iprop-acl = @srcdir@/iprop-acl

# Database directory: the build (object) directory of the test run, so
# nothing is written outside the test's own tree.
[hdb]
	db-dir = @objdir@

# Both the KDC and the default log channel write to the same file in the
# build directory. The "0-" prefix is a level range with no upper bound,
# i.e. presumably every log level is recorded - confirm against the log
# specification syntax.
[logging]
	kdc = 0-/FILE:@objdir@/messages.log
	default = 0-/FILE:@objdir@/messages.log

# kadmin settings for the test suite.
[kadmin]
# NOTE(review): presumably makes kadmin keep a recoverable copy of each
# password in the database rather than only derived keys - confirm. If so,
# this raises the impact of a database or master-key compromise and is
# appropriate only for a test KDC.
	save-password = true
# The last line of this section is a template placeholder that is replaced
# when the configuration is generated; its expansion is not visible here.
	@dk@

# Cross-realm authentication paths. Every realm lists both other realms
# with ".", which denotes a direct path with no intermediate realm, so the
# three test realms form a fully connected trust mesh.
[capaths]
	TEST.H5L.SE = {
		TEST3.H5L.SE = .
		TEST2.H5L.SE = .
	}
	TEST2.H5L.SE = {
		TEST.H5L.SE = .
		TEST3.H5L.SE = .
	}
	TEST3.H5L.SE = {
		TEST.H5L.SE = .
		TEST2.H5L.SE = .
	}