krb5
authorOwen Smith <owen@omsmith.ca>
Wed, 15 May 2013 06:00:31 +0000 (02:00 -0400)
committerOwen Smith <owen@omsmith.ca>
Wed, 15 May 2013 06:00:31 +0000 (02:00 -0400)
bootstrap.sh
templates/krb5.conf [new file with mode: 0644]

index 157c2f9..a1df2d4 100755 (executable)
@@ -50,3 +50,6 @@ fi
 # nslcd
 cp ./templates/nslcd.conf /etc/nslcd.conf
 
+# krb5
+cp ./templates/krb5.conf /etc/krb5.conf
+
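Review bot: The added `cp ./templates/krb5.conf /etc/krb5.conf` leaves the installed file's mode and owner to the caller's umask or to whatever file already exists at the destination. krb5.conf has to be readable by every user who runs a Kerberos client, so a restrictive root umask would presumably break logins for non-root users. Setting the mode explicitly avoids that: `install -o root -g root -m 0644 ./templates/krb5.conf /etc/krb5.conf`. The relative `./templates` path also assumes the script runs from the repository root; the rest of bootstrap.sh is outside this hunk, so that may already be handled earlier.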
diff --git a/templates/krb5.conf b/templates/krb5.conf
new file mode 100644 (file)
index 0000000..0fd4fce
--- /dev/null
@@ -0,0 +1,78 @@
+[libdefaults]
+       default_realm = CSCLUB.UWATERLOO.CA
+       forwardable = true
+       proxiable = true
+        dns_lookup_kdc = false
+        dns_lookup_realm = false
+
+       # remove this once NFS mounts without it
+       allow_weak_crypto = true
+
+[realms]
+       CSCLUB.UWATERLOO.CA = {
+               kdc = kdc1.csclub.uwaterloo.ca
+               kdc = kdc2.csclub.uwaterloo.ca
+               admin_server = kadmin.csclub.uwaterloo.ca
+               database_module = openldap_ldapconf
+       }
+
+       CMCLUB.UWATERLOO.CA = {
+               kdc = staples.cmclub.uwaterloo.ca
+               admin_server = staples.cmclub.uwaterloo.ca
+       }
+
+
+       STUDENT.CS.UWATERLOO.CA = {
+               kdc = eponina.student.cs.uwaterloo.ca:88
+               kdc = canadenis.student.cs.uwaterloo.ca:88
+               admin_server = canadenis.student.cs.uwaterloo.ca:464
+       }
+
+       CS.UWATERLOO.CA = {
+               kdc = intacta.cs.uwaterloo.ca:88
+               kdc = serverus.cs.uwaterloo.ca:88
+               admin_server = intacta.cs.uwaterloo.ca:464
+       }
+
+       ADS.UWATERLOO.CA = {
+               kdc = ads.uwaterloo.ca:88
+               admin_server = ads.uwaterloo.ca:464
+               default_domain = ads.uwaterloo.ca
+       }
+
+       NEXUS.UWATERLOO.CA = {
+               kdc = nexus.uwaterloo.ca:88
+               kdc = nexus.uwaterloo.ca
+               admin_server = nexus.uwaterloo.ca:464
+       }
+
+[domain_realm]
+       .uwaterloo.ca = ADS.UWATERLOO.CA
+       uwaterloo.ca = ADS.UWATERLOO.CA
+       .csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA
+       csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA
+       .cmclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA
+       cmclub.uwaterloo.ca = CSCLUB.UWATERLO.CA
+       .nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA
+       nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA
+       .cs.uwaterloo.ca = CS.UWATERLOO.CA
+       cs.uwaterloo.ca = CS.UWATERLOO.CA
+       .student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA
+       student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA
+
+[logging]
+       kdc = FILE:/var/log/krb5kdc.log
+       admin_server = FILE:/var/log/kadmin.log
+       default = FILE:/var/log/krb5.log
+
+
+#[dbmodules]
+#      openldap_ldapconf = {
+#              db_library = kldap
+#              ldap_kerberos_container_dn = "cn=kerberos,dc=csclub,dc=uwaterloo,dc=ca"
+#              ldap_kdc_dn = "cn=kerberos-kdc,dc=csclub,dc=uwaterloo,dc=ca"
+#              ldap_kadmind_dn = "cn=kerberos-admin,dc=csclub,dc=uwaterloo,dc=ca"
+#              ldap_service_password_file = /etc/krb5kdc/service.keyfile
+#              ldap_servers = ldapi:///
+#      }
+#
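Review bot: The `[domain_realm]` line `cmclub.uwaterloo.ca = CSCLUB.UWATERLO.CA` misspells the realm, so that host maps to a realm with no `[realms]` stanza and, with `dns_lookup_kdc = false`, no other way to locate a KDC. It should read `cmclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA`, or `CMCLUB.UWATERLOO.CA` on both cmclub lines if the CMCLUB realm defined above was the intended target. Separately, `allow_weak_crypto = true` in `[libdefaults]` permits weak encryption types for every Kerberos client on the machine, not only the NFS mounts the comment mentions. The comment should state that scope and a removal condition, e.g. `# TEMPORARY: permits weak enctypes host-wide; needed only for NFS mounts, remove once NFS works without it`. Minor: the NEXUS stanza lists the same KDC twice (`nexus.uwaterloo.ca:88` and `nexus.uwaterloo.ca`), and the two `dns_lookup_*` lines are indented differently from the rest of the file.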