| 4 |
- |
1 |
[logging]
|
|
|
2 |
default = FILE:/var/log/krb5libs.log
|
|
|
3 |
kdc = FILE:/var/log/krb5kdc.log
|
|
|
4 |
admin_server = FILE:/var/log/kadmind.log
|
|
|
5 |
|
|
|
6 |
[libdefaults]
|
|
|
7 |
default_realm = UJSOFTWARE.COM
|
|
|
8 |
dns_lookup_realm = false
|
|
|
9 |
dns_lookup_kdc = true
|
|
|
10 |
ticket_lifetime = 24h
|
|
|
11 |
renew_lifetime = 7d
|
|
|
12 |
forwardable = true
|
|
|
13 |
default_keytab_name = /etc/krb5.keytab
|
|
|
14 |
default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
|
|
|
15 |
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
|
|
|
16 |
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
|
|
|
17 |
pkinit_kdc_hostname = <DNS>
|
|
|
18 |
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
|
|
|
19 |
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
|
|
|
20 |
pkinit_eku_checking = kpServerAuth
|
|
|
21 |
pkinit_win2k_require_binding = false
|
|
|
22 |
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
|
|
|
23 |
|
|
|
24 |
[realms]
|
|
|
25 |
EXAMPLE.COM = {
|
|
|
26 |
kdc = kerberos.example.com
|
|
|
27 |
admin_server = kerberos.example.com
|
|
|
28 |
}
|
|
|
29 |
UJSOFTWARE.COM = {
|
|
|
30 |
auth_to_local = RULE:[1:$0\$1](^UJSOFTWARE\.COM\\.*)s/^UJSOFTWARE\.COM/UJSOFTWARE/
|
|
|
31 |
auth_to_local = DEFAULT
|
|
|
32 |
}
|
|
|
33 |
|
|
|
34 |
[domain_realm]
|
|
|
35 |
.example.com = EXAMPLE.COM
|
|
|
36 |
example.com = EXAMPLE.COM
|
|
|
37 |
.ujsoftware.com = UJSOFTWARE.COM
|
| 10 |
- |
38 |
ujsoftware.com = UJSOFTWARE.COM
|
| 4 |
- |
39 |
[appdefaults]
|
|
|
40 |
pam = {
|
|
|
41 |
mappings = UJSOFTWARE\\(.*) $1@UJSOFTWARE.COM
|
|
|
42 |
forwardable = true
|
|
|
43 |
validate = true
|
|
|
44 |
}
|
|
|
45 |
httpd = {
|
|
|
46 |
mappings = UJSOFTWARE\\(.*) $1@UJSOFTWARE.COM
|
|
|
47 |
reverse_mappings = (.*)@UJSOFTWARE\.COM UJSOFTWARE\$1
|
|
|
48 |
}
|