finish up idm_server hostclass

author: Cullum Smith <cullum@sacredheartsc.com> 2024-09-24 22:35:45 -0400
committer: Cullum Smith <cullum@sacredheartsc.com> 2024-09-24 22:35:45 -0400
commit: 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch)
tree: 9279f7a330affbb5da6a1f147739b8dfd92d4a19 /files/etc/krb5.conf.idm_server
parent: d9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff)
download: infrastructure-6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb.tar.gz
1 files changed, 27 insertions, 0 deletions
diff --git a/files/etc/krb5.conf.idm_server b/files/etc/krb5.conf.idm_server
new file mode 100644
index 0000000..422d0e4
--- /dev/null
+++ b/files/etc/krb5.conf.idm_server
@@ -0,0 +1,27 @@
+[libdefaults]
+  default_realm = ${realm}
+  dns_lookup_kdc = false
+  dns_lookup_realm = false
+  allow_weak_crypto = false
+  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
+  verify_ap_req_nofail = true
+
+[appdefaults]
+  pam = {
+    minimum_uid = 1000
+    ccache = FILE:/tmp/krb5cc_%u_XXXXXX
+    forwardable = true
+    ticket_lifetime = ${krb5_ticket_lifetime}
+    renew_lifetime = ${krb5_renew_lifetime}
+  }
+
+[realms]
+  ${realm} = {
+    kdc = ${fqdn}
+    admin_server = ${fqdn}
+    default_domain = ${domain}
+  }
+
+[domain_realm]
+  .${domain} = ${realm}
+  ${domain}  = ${realm}
author	Cullum Smith <cullum@sacredheartsc.com>	2024-09-24 22:35:45 -0400
committer	Cullum Smith <cullum@sacredheartsc.com>	2024-09-24 22:35:45 -0400
commit	6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch)
tree	9279f7a330affbb5da6a1f147739b8dfd92d4a19 /files/etc/krb5.conf.idm_server
parent	d9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff)
download	infrastructure-6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb.tar.gz