xref: /freebsd/contrib/pam-krb5/ci/files/heimdal/kdc.conf (revision 9f0f30bc1f5f08d25243952bad3fdc6e13a75c2a)

# Heimdal KDC configuration.  -*- conf -*-

[kadmin]
    default_keys           = aes256-cts-hmac-sha1-96:pw-salt

[kdc]
    acl_file               = /etc/heimdal-kdc/kadmind.acl
    check-ticket-addresses = false
    logging                = SYSLOG:NOTICE
    ports                  = 88

    # PKINIT configuration.
    enable-pkinit          = yes
    pkinit_identity        = FILE:/etc/heimdal-kdc/kdc.pem
    pkinit_anchors         = FILE:/etc/heimdal-kdc/ca/ca.pem
    pkinit_mappings_file   = /etc/heimdal-kdc/pki-mapping
    pkinit_allow_proxy_certificate  = no
    pkinit_principal_in_certificate = no

[libdefaults]
    default_realm          = HEIMDAL.TEST
    dns_lookup_kdc         = false
    dns_lookup_realm       = false

[realms]
    HEIMDAL.TEST.EYRIE.ORG = {
        kdc            = 127.0.0.1
        master_kdc     = 127.0.0.1
        admin_server   = 127.0.0.1
    }