ansible-playbooks/roles/auth/files/krb5.conf

[libdefaults]
  default_realm = CSCLUB.UWATERLOO.CA
  forwardable = true
  proxiable = true
  dns_lookup_kdc = false
  dns_lookup_realm = false
  allow_weak_crypto = true

[realms]
  CSCLUB.UWATERLOO.CA = {
    kdc = kdc1.csclub.uwaterloo.ca
    kdc = kdc2.csclub.uwaterloo.ca
    admin_server = kadmin.csclub.uwaterloo.ca
  }

  STUDENT.CS.UWATERLOO.CA = {
    kdc = eponina.student.cs.uwaterloo.ca:88
    kdc = canadenis.student.cs.uwaterloo.ca:88
    admin_server = canadenis.student.cs.uwaterloo.ca:464
  }

  CS.UWATERLOO.CA = {
    kdc = intacta.cs.uwaterloo.ca:88
    kdc = serverus.cs.uwaterloo.ca:88
    admin_server = intacta.cs.uwaterloo.ca:464
  }

  ADS.UWATERLOO.CA = {
    kdc = ads.uwaterloo.ca:88
    admin_server = ads.uwaterloo.ca:464
    default_domain = ads.uwaterloo.ca
  }

  NEXUS.UWATERLOO.CA = {
    kdc = nexus.uwaterloo.ca:88
    kdc = nexus.uwaterloo.ca
    admin_server = nexus.uwaterloo.ca:464
  }

[domain_realm]
  .uwaterloo.ca = ADS.UWATERLOO.CA
  uwaterloo.ca = ADS.UWATERLOO.CA
  .csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA
  csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA
  .nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA
  nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA
  .cs.uwaterloo.ca = CS.UWATERLOO.CA
  cs.uwaterloo.ca = CS.UWATERLOO.CA
  .student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA
  student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA

[logging]
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmin.log
  default = FILE:/var/log/krb5.log


#[dbmodules]
# openldap_ldapconf = {
#   db_library = kldap
#   ldap_kerberos_container_dn = "cn=kerberos,dc=csclub,dc=uwaterloo,dc=ca"
#   ldap_kdc_dn = "cn=kerberos-kdc,dc=csclub,dc=uwaterloo,dc=ca"
#   ldap_kadmind_dn = "cn=kerberos-admin,dc=csclub,dc=uwaterloo,dc=ca"
#   ldap_service_password_file = /etc/krb5kdc/service.keyfile
#   ldap_servers = ldapi:///
# }
created roles for office terminal install, tested up to auth 2016-06-02 00:47:31 -04:00			`[libdefaults]`
			`default_realm = CSCLUB.UWATERLOO.CA`
			`forwardable = true`
			`proxiable = true`
			`dns_lookup_kdc = false`
			`dns_lookup_realm = false`
Allow weak crypto in kerberos (required for netapp nfs) 2017-10-01 11:53:58 -04:00			`allow_weak_crypto = true`
created roles for office terminal install, tested up to auth 2016-06-02 00:47:31 -04:00
			`[realms]`
			`CSCLUB.UWATERLOO.CA = {`
			`kdc = kdc1.csclub.uwaterloo.ca`
			`kdc = kdc2.csclub.uwaterloo.ca`
			`admin_server = kadmin.csclub.uwaterloo.ca`
			`}`

			`STUDENT.CS.UWATERLOO.CA = {`
			`kdc = eponina.student.cs.uwaterloo.ca:88`
			`kdc = canadenis.student.cs.uwaterloo.ca:88`
			`admin_server = canadenis.student.cs.uwaterloo.ca:464`
			`}`

			`CS.UWATERLOO.CA = {`
			`kdc = intacta.cs.uwaterloo.ca:88`
			`kdc = serverus.cs.uwaterloo.ca:88`
			`admin_server = intacta.cs.uwaterloo.ca:464`
			`}`

			`ADS.UWATERLOO.CA = {`
			`kdc = ads.uwaterloo.ca:88`
			`admin_server = ads.uwaterloo.ca:464`
			`default_domain = ads.uwaterloo.ca`
			`}`

			`NEXUS.UWATERLOO.CA = {`
			`kdc = nexus.uwaterloo.ca:88`
			`kdc = nexus.uwaterloo.ca`
			`admin_server = nexus.uwaterloo.ca:464`
			`}`

			`[domain_realm]`
			`.uwaterloo.ca = ADS.UWATERLOO.CA`
			`uwaterloo.ca = ADS.UWATERLOO.CA`
			`.csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA`
			`csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA`
			`.nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA`
			`nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA`
			`.cs.uwaterloo.ca = CS.UWATERLOO.CA`
			`cs.uwaterloo.ca = CS.UWATERLOO.CA`
			`.student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA`
			`student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA`

			`[logging]`
			`kdc = FILE:/var/log/krb5kdc.log`
			`admin_server = FILE:/var/log/kadmin.log`
			`default = FILE:/var/log/krb5.log`


			`#[dbmodules]`
			`# openldap_ldapconf = {`
			`# db_library = kldap`
			`# ldap_kerberos_container_dn = "cn=kerberos,dc=csclub,dc=uwaterloo,dc=ca"`
			`# ldap_kdc_dn = "cn=kerberos-kdc,dc=csclub,dc=uwaterloo,dc=ca"`
			`# ldap_kadmind_dn = "cn=kerberos-admin,dc=csclub,dc=uwaterloo,dc=ca"`
			`# ldap_service_password_file = /etc/krb5kdc/service.keyfile`
			`# ldap_servers = ldapi:///`
			`# }`