|
 |
c41359 |
# To opt out of the system crypto-policies configuration of krb5, remove the
|
|
|
c41359 |
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
|
|
|
c41359 |
includedir /etc/krb5.conf.d/
|
|
|
c41359 |
|
|
|
c41359 |
[logging]
|
|
|
c41359 |
default = FILE:/var/log/krb5libs.log
|
|
|
c41359 |
kdc = FILE:/var/log/krb5kdc.log
|
|
|
c41359 |
admin_server = FILE:/var/log/kadmind.log
|
|
|
c41359 |
|
|
|
c41359 |
[libdefaults]
|
|
|
c41359 |
dns_lookup_realm = false
|
|
|
c41359 |
ticket_lifetime = 24h
|
|
|
c41359 |
renew_lifetime = 7d
|
|
|
c41359 |
forwardable = true
|
|
|
c41359 |
rdns = false
|
|
|
1d2312 |
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
|
|
|
c41359 |
spake_preauth_groups = edwards25519
|
|
|
c41359 |
# default_realm = EXAMPLE.COM
|
|
|
c41359 |
|
|
|
c41359 |
[realms]
|
|
|
c41359 |
# EXAMPLE.COM = {
|
|
|
c41359 |
# kdc = kerberos.example.com
|
|
|
c41359 |
# admin_server = kerberos.example.com
|
|
|
c41359 |
# }
|
|
|
c41359 |
|
|
|
c41359 |
[domain_realm]
|
|
|
c41359 |
# .example.com = EXAMPLE.COM
|
|
|
c41359 |
# example.com = EXAMPLE.COM
|