Diffstat (limited to 'files/usr/local/var')
-rw-r--r--files/usr/local/var/krb5kdc/kadm5.acl.idm_server2
-rw-r--r--files/usr/local/var/krb5kdc/kdc.conf.idm_server23
2 files changed, 25 insertions, 0 deletions
diff --git a/files/usr/local/var/krb5kdc/kadm5.acl.idm_server b/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
new file mode 100644
index 0000000..c2a454b
--- /dev/null
+++ b/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
@@ -0,0 +1,2 @@
+*/admin@${realm} * * -maxlife 1h -postdateable
+${boxconf_username}@${realm} * * -maxlife 5m -postdateable
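Review bot: The second entry gives `${boxconf_username}@${realm}` the `*` permission on target `*`, so the provisioning account can modify, delete or re-key every principal in the realm, including the `*/admin` ones. If the automation only needs to create and look up host or service principals, narrow both fields, for example `${boxconf_username}@${realm} ai host/*@${realm} -maxlife 5m -postdateable`; the exact permission letters and target pattern depend on what the automation does, which this commit does not show. The trailing restrictions apply to principals added or modified through the entry, not to the administrator's own tickets, so `-maxlife 5m` caps the ticket lifetime of every principal this account creates. A `#` comment stating that intent would help the next reader.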
diff --git a/files/usr/local/var/krb5kdc/kdc.conf.idm_server b/files/usr/local/var/krb5kdc/kdc.conf.idm_server
new file mode 100644
index 0000000..ab16965
--- /dev/null
+++ b/files/usr/local/var/krb5kdc/kdc.conf.idm_server
@@ -0,0 +1,23 @@
+[realms]
+ ${realm} = {
+ database_module = openldap_ldapconf
+ key_stash_file = ${kdc_master_key_path}
+ max_life = ${kdc_max_life}
+ max_renewable_life = ${kdc_max_renewable_life}
+ default_principal_flags = +preauth
+ }
+
+[dbdefaults]
+ ldap_kerberos_container_dn = ${kdc_basedn}
+ ldap_kdc_sasl_mech = EXTERNAL
+ ldap_kadmind_sasl_mech = EXTERNAL
+ ldap_conns_per_server = 5
+
+[dbmodules]
+ openldap_ldapconf = {
+ ldap_servers = ${slapd_ldapi_uri}
+ db_library = kldap
+ }
+
+[logging]
+ default = SYSLOG
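Review bot: `ldap_kdc_sasl_mech = EXTERNAL` and `ldap_kadmind_sasl_mech = EXTERNAL` are set with no bind DN and no client-certificate settings, so the daemons appear to authenticate to slapd purely through peer credentials on the socket named by `${slapd_ldapi_uri}`, and nothing in the template records that dependency. Add a comment above the two lines such as `# EXTERNAL: slapd identifies kdc/kadmind by Unix credentials on the ldapi socket; ldap_servers must stay a local ldapi:// URI`. The slapd side then needs an authz mapping and ACLs that confine that identity to `${kdc_basedn}`. Those are not visible in this commit, so confirm they exist.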