path: root/files/etc/krb5.conf.common



[libdefaults]
  default_realm = ${realm}
  dns_lookup_kdc = true
  dns_lookup_realm = false
  allow_weak_crypto = false
  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
  default_keytab_name = FILE:/var/krb5/user/%{euid}/keytab
  default_client_keytab_name = FILE:/var/krb5/user/%{euid}/client.keytab
  forwardable = true
  ticket_lifetime = ${krb5_ticket_lifetime}
  renew_lifetime = ${krb5_renew_lifetime}

[appdefaults]
  pam = {
    minimum_uid = 1000
    ccache = FILE:/tmp/krb5cc_%u_XXXXXX
  }

[realms]
  ${realm} = {
$(for host in $ldap_hosts; do echo "\
    admin_server = ${host}"; done)
    default_domain = ${domain}
  }

[domain_realm]
  .${domain} = ${realm}
  ${domain}  = ${realm}
[libdefaults]
  default_realm = ${realm}
  dns_lookup_kdc = true
  dns_lookup_realm = false
  allow_weak_crypto = false
  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
  default_keytab_name = FILE:/var/krb5/user/%{euid}/keytab
  default_client_keytab_name = FILE:/var/krb5/user/%{euid}/client.keytab
  forwardable = true
  ticket_lifetime = ${krb5_ticket_lifetime}
  renew_lifetime = ${krb5_renew_lifetime}

[appdefaults]
  pam = {
    minimum_uid = 1000
    ccache = FILE:/tmp/krb5cc_%u_XXXXXX
  }

[realms]
  ${realm} = {
$(for host in $ldap_hosts; do echo "\
    admin_server = ${host}"; done)
    default_domain = ${domain}
  }

[domain_realm]
  .${domain} = ${realm}
  ${domain}  = ${realm}