| 192 |
- |
1 |
# To opt out of the system crypto-policies configuration of krb5, remove the
|
|
|
2 |
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
|
|
|
3 |
includedir /etc/krb5.conf.d/
|
|
|
4 |
|
|
|
5 |
[logging]
|
|
|
6 |
default = FILE:/var/log/krb5libs.log
|
|
|
7 |
kdc = FILE:/var/log/krb5kdc.log
|
|
|
8 |
admin_server = FILE:/var/log/kadmind.log
|
|
|
9 |
|
|
|
10 |
[libdefaults]
|
|
|
11 |
dns_lookup_realm = false
|
|
|
12 |
ticket_lifetime = 24h
|
|
|
13 |
renew_lifetime = 7d
|
|
|
14 |
forwardable = true
|
|
|
15 |
rdns = false
|
|
|
16 |
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
|
|
|
17 |
spake_preauth_groups = edwards25519
|
|
|
18 |
# default_realm = EXAMPLE.COM
|
|
|
19 |
default_ccache_name = KEYRING:persistent:%{uid}
|
|
|
20 |
|
|
|
21 |
[realms]
|
|
|
22 |
# EXAMPLE.COM = {
|
|
|
23 |
# kdc = kerberos.example.com
|
|
|
24 |
# admin_server = kerberos.example.com
|
|
|
25 |
# }
|
|
|
26 |
|
|
|
27 |
[domain_realm]
|
|
|
28 |
# .example.com = EXAMPLE.COM
|
|
|
29 |
# example.com = EXAMPLE.COM
|