[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = $REALM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [realms] $REALM = { kdc = $FQDN:88 admin_server = $FQDN:749 default_domain = $DOMAIN } [domain_realm] .$DOMAIN = $REALM $DOMAIN = $REALM [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } [dbmodules] $REALM = { db_library = kldap ldap_servers = ldap://127.0.0.1/ ldap_kerberos_container_dn = cn=kerberos,$SUFFIX ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd }