47 lines
1.4 KiB
Django/Jinja
47 lines
1.4 KiB
Django/Jinja
[libdefaults]
|
|
default_realm = {{ krb_realm }}
|
|
|
|
# The following krb5.conf variables are only for MIT Kerberos.
|
|
kdc_timesync = 1
|
|
ccache_type = 4
|
|
forwardable = true
|
|
proxiable = true
|
|
|
|
dns_lookup_kdc = false
|
|
dns_lookup_realm = false
|
|
|
|
# For NFS, apparently
|
|
allow_weak_crypto = true
|
|
|
|
# The following encryption type specification will be used by MIT Kerberos
|
|
# if uncommented. In general, the defaults in the MIT Kerberos code are
|
|
# correct and overriding these specifications only serves to disable new
|
|
# encryption types as they are added, creating interoperability problems.
|
|
#
|
|
# The only time when you might need to uncomment these lines and change
|
|
# the enctypes is if you have local software that will break on ticket
|
|
# caches containing ticket encryption types it doesn't know about (such as
|
|
# old versions of Sun Java).
|
|
|
|
# default_tgs_enctypes = des3-hmac-sha1
|
|
# default_tkt_enctypes = des3-hmac-sha1
|
|
# permitted_enctypes = des3-hmac-sha1
|
|
|
|
# The following libdefaults parameters are only for Heimdal Kerberos.
|
|
fcc-mit-ticketflags = true
|
|
|
|
[realms]
|
|
{{ krb_realm }} = {
|
|
kdc = kdc1.{{ base_domain }}
|
|
admin_server = kadmin.{{ base_domain }}
|
|
}
|
|
|
|
[domain_realm]
|
|
.{{ base_domain }} = {{ krb_realm }}
|
|
{{ base_domain }} = {{ krb_realm }}
|
|
|
|
[logging]
|
|
kdc = SYSLOG:INFO:AUTH
|
|
admin_server = SYSLOG:INFO:AUTH
|
|
default = SYSLOG:INFO:AUTH
|