install/share/krb5.conf.template


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = $REALM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 rdns = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 $REALM = {
  kdc = $FQDN:88
  admin_server = $FQDN:749
  default_domain = $DOMAIN
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
 .$DOMAIN = $REALM
 $DOMAIN = $REALM

[appdefaults]
 pam = {
   debug = false
   krb4_convert = false
 }

[dbmodules]
  $REALM = {
    db_library = kldap
    ldap_servers = ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket
    ldap_kerberos_container_dn = cn=kerberos,$SUFFIX
    ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
    ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
    ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
  }