author | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-25 21:38:13 -0400 |
---|---|---|
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-25 21:38:13 -0400 |
commit | cd1ce69f104686bbb33e049c2c4c112e78febd36 (patch) | |
tree | 6654eaf12145b918cd217dcdf9b95a0060a60b7b /files/etc/krb5.conf.common | |
parent | 93994080d976d1fd98a22422a549fe371a2bcae3 (diff) | |
download | infrastructure-cd1ce69f104686bbb33e049c2c4c112e78febd36.tar.gz |
finish idm client stuff
Diffstat (limited to 'files/etc/krb5.conf.common')
-rw-r--r-- | files/etc/krb5.conf.common | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/files/etc/krb5.conf.common b/files/etc/krb5.conf.common
new file mode 100644
index 0000000..aa2c11f
--- /dev/null
+++ b/files/etc/krb5.conf.common
@@ -0,0 +1,29 @@
+[libdefaults]
+ default_realm = ${realm}
+ dns_lookup_kdc = true
+ dns_lookup_realm = false
+ allow_weak_crypto = false
+ permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
+ default_client_keytab_name = /var/db/keytabs/%{euid}.keytab
+ # Breaks screenlockers
+ # verify_ap_req_nofail = true
+
+[appdefaults]
+ pam = {
+ minimum_uid = 1000
+ ccache = FILE:/tmp/krb5cc_%u_XXXXXX
+ forwardable = true
+ ticket_lifetime = ${krb5_ticket_lifetime}
+ renew_lifetime = ${krb5_renew_lifetime}
+ }
+
+[realms]
+ ${realm} = {
+$(for host in $ldap_hosts; do echo "\
+ admin_server = ${host}"; done)
+ default_domain = ${domain}
+ }
+
+[domain_realm]
+ .${domain} = ${realm}
+ ${domain} = ${realm} |
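Review bot: The comment `# Breaks screenlockers` above the disabled `verify_ap_req_nofail` line in `[libdefaults]` records why the option is off but not what is given up by leaving it off. With the flag unset, initial-credential verification is skipped whenever the calling process has no readable keytab (presumably the screen-locker case, since lockers run as the user), so a password login through the `pam` appdefaults is not checked against a host key. Because `dns_lookup_kdc = true` and the `[realms]` block emits only `admin_server` entries, KDC discovery appears to rest entirely on DNS SRV records, which makes that unverified path depend on DNS integrity. I would expand the comment to say so, e.g. `# Left off: breaks screenlockers, which cannot read the host keytab.` followed by `# Consequence: the TGT is not verified when no keytab is readable, so a spoofed KDC goes undetected.` If the zone is not DNSSEC-signed, also consider emitting `kdc = ${host}` next to `admin_server` in the same loop so clients do not depend on DNS alone to find the KDC.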