[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88
 restrict_anonymous_to_tgt = true

[realms]
 $REALM = {
  master_key_type = aes256-cts
  max_life = 7d
  max_renewable_life = 14d
  acl_file = $KRB5KDC_KADM5_ACL
  dict_file = $DICT_WORDS
  default_principal_flags = +preauth
;  admin_keytab = $KRB5KDC_KADM5_KEYTAB
  pkinit_identity = FILE:$KDC_PEM
  pkinit_anchors = FILE:$CACERT_PEM
 }