From 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb Mon Sep 17 00:00:00 2001
From: Cullum Smith
Date: Tue, 24 Sep 2024 22:35:45 -0400
Subject: finish up idm_server hostclass
---
files/usr/local/var/krb5kdc/kdc.conf.idm_server | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 files/usr/local/var/krb5kdc/kdc.conf.idm_server
(limited to 'files/usr/local/var/krb5kdc/kdc.conf.idm_server')
diff --git a/files/usr/local/var/krb5kdc/kdc.conf.idm_server b/files/usr/local/var/krb5kdc/kdc.conf.idm_server
new file mode 100644
index 0000000..ab16965
--- /dev/null
+++ b/files/usr/local/var/krb5kdc/kdc.conf.idm_server
@@ -0,0 +1,23 @@
+[realms]
+ ${realm} = {
+ database_module = openldap_ldapconf
+ key_stash_file = ${kdc_master_key_path}
+ max_life = ${kdc_max_life}
+ max_renewable_life = ${kdc_max_renewable_life}
+ default_principal_flags = +preauth
+ }
+
+[dbdefaults]
+ ldap_kerberos_container_dn = ${kdc_basedn}
+ ldap_kdc_sasl_mech = EXTERNAL
+ ldap_kadmind_sasl_mech = EXTERNAL
+ ldap_conns_per_server = 5
+
+[dbmodules]
+ openldap_ldapconf = {
+ ldap_servers = ${slapd_ldapi_uri}
+ db_library = kldap
+ }
+
+[logging]
+ default = SYSLOG
--
cgit v1.2.3
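Review bot: The new `${realm}` stanza sets `default_principal_flags = +preauth` but does not pin `supported_enctypes`, so the key types issued for new principals are whatever the installed krb5 package defaults to (assuming MIT krb5, which `db_library = kldap` suggests). I would state it explicitly in the stanza, e.g. `supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`, so a package change or an older host cannot silently allow weaker types. `default_principal_flags` is applied only when a principal is created, so any entry that already exists under `${kdc_basedn}` keeps its old flags and should be checked for `requires_preauth` separately. The file also has no comments; a short header saying that the `${...}` values are filled in by the templating step, that `${kdc_master_key_path}` must be readable by root only, and that `ldap_kdc_sasl_mech = EXTERNAL` relies on the ldapi peer-credential mapping and slapd ACLs (not visible in this patch) would help the next reader.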