Diffstat (limited to 'confskel/heimdal')
-rw-r--r--confskel/heimdal/heimdal.defaults11
-rw-r--r--confskel/heimdal/kadmind.acl2
-rw-r--r--confskel/heimdal/kdc.conf8
-rw-r--r--confskel/heimdal/krb5.conf40
4 files changed, 61 insertions, 0 deletions
diff --git a/confskel/heimdal/heimdal.defaults b/confskel/heimdal/heimdal.defaults
new file mode 100644
index 0000000..4916c5f
--- /dev/null
+++ b/confskel/heimdal/heimdal.defaults
@@ -0,0 +1,11 @@
+# Zivios Heimdal Configuration file.
+START="yes"
+
+KDC_ENABLED="yes"
+KDC_PARAMS=""
+
+KPASSWDD_ENABLED="yes"
+KPASSWDD_PARAMS=""
+
+KADMIND_ENABLED="yes"
+KADMIND_PARAMS=""
diff --git a/confskel/heimdal/kadmind.acl b/confskel/heimdal/kadmind.acl
new file mode 100644
index 0000000..27fe007
--- /dev/null
+++ b/confskel/heimdal/kadmind.acl
@@ -0,0 +1,2 @@
+kadmin/@@@ROOTUSER@@@@@@@REALM_UCNAME@@@ all
+@@@ADMINUSER@@@@@@@REALM_UCNAME@@@ all
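Review bot: Both entries grant `all`, and the second one gives it to the plain `@@@ADMINUSER@@@` principal, so that user's ordinary login tickets would carry full kadmin rights over the realm. Consider binding the grant to a dedicated admin instance, e.g. `@@@ADMINUSER@@@/admin@@@@REALM_UCNAME@@@ all`, or narrowing the rights list to what the provisioning tool actually needs. Separately, the literal realm separator `@` sits directly between two `@@@…@@@` placeholders, giving a run of seven `@`. Whether that expands correctly depends on the template engine matching exact tokens, which is not visible in this diff, so it is worth documenting next to the code that fills the skeleton.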
diff --git a/confskel/heimdal/kdc.conf b/confskel/heimdal/kdc.conf
new file mode 100644
index 0000000..67aa0e0
--- /dev/null
+++ b/confskel/heimdal/kdc.conf
@@ -0,0 +1,8 @@
+[kdc]
+logging = FILE:/var/log/heimdal-kdc.log
+enable-pkinit = yes
+pki-identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
+pki-anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+pki-allow-proxy-certificate = false
+acl_file = /etc/kadmind.acl
+
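Review bot: The PKINIT keys here are spelled `pki-identity`, `pki-anchors` and `pki-allow-proxy-certificate`, while the `[kdc]` section added to krb5.conf in the same commit uses `pkinit_identity`, `pkinit_anchors` and `pkinit_allow-proxy-certificate`. As far as I know Heimdal reads `pkinit_identity`, `pkinit_anchors` and `pkinit_allow_proxy_certificate`, and unrecognised keys are ignored without an error, so a misspelled key would leave the KDC without the intended certificate, trust anchor or proxy-certificate setting. Please confirm the names against the krb5.conf(5) of the Heimdal version being shipped and use one spelling in both files. `acl_file` is also placed directly under `[kdc]` here but inside `database = { … }` in krb5.conf; only one of the two placements is likely to be honoured.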
diff --git a/confskel/heimdal/krb5.conf b/confskel/heimdal/krb5.conf
new file mode 100644
index 0000000..adf55df
--- /dev/null
+++ b/confskel/heimdal/krb5.conf
@@ -0,0 +1,40 @@
+[libdefaults]
+ ticket_lifetime = 86400
+ default_realm = @@@REALM_UCNAME@@@
+ default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+ default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+[appdefaults]
+ pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+
+[realms]
+ @@@REALM_UCNAME@@@ = {
+ kdc = @@@KDCSERVER@@@:@@@KDCPORT@@@
+ admin_server = @@@ADMINSERVER@@@:@@@ADMINPORT@@@
+ pkinit_require_eku = @@@PKINIT_REQUIRE_EKU@@@
+ pkinit_require_krbtgt_otherName = @@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@
+ win2k_pkinit = @@@WIN2K_PKINIT@@@
+ win2k_pkinit_require_binding = @@@WIN2K_PKINIT_REQUIRE_BINDING@@@
+ }
+
+[domain_realm]
+ @@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+ .@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+
+[kdc]
+ enable-pkinit = yes
+ pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
+ pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+ pkinit_allow-proxy-certificate = false
+
+ database = {
+ dbname = ldap:@@@REALM_DCNAME@@@
+ acl_file = /etc/kadmind.acl
+ }
+
+[logging]
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmin.log
+ default = FILE:/var/log/krb5lib.log
+
+
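Review bot: `default_etypes` and `default_etypes_des` in `[libdefaults]` list only `des3-hmac-sha1 des-cbc-crc des-cbc-md5`, so every host provisioned from this skeleton will request single-DES and 3DES and never AES. Single DES is deprecated for Kerberos (RFC 6649) and offers too little key strength to protect tickets and pre-authentication data. Unless a legacy peer requires it, prefer `default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-hmac-sha1` and drop the `des-cbc-*` entries; if they must stay for compatibility, say which peer needs them in a comment above the line. The `[kdc]` block also points at the KDC private key under `/etc/trinity/ldap/tde-ca/private/`, and nothing in this diff sets the ownership or mode of that file, so the installer should be checked for it.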