|
 |
cb4cef |
# To opt out of the system crypto-policies configuration of krb5, remove the
|
|
|
cb4cef |
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
|
|
|
cb4cef |
includedir /etc/krb5.conf.d/
|
|
|
cb4cef |
|
|
|
cb4cef |
[logging]
|
|
|
cb4cef |
default = FILE:/var/log/krb5libs.log
|
|
|
cb4cef |
kdc = FILE:/var/log/krb5kdc.log
|
|
|
cb4cef |
admin_server = FILE:/var/log/kadmind.log
|
|
|
cb4cef |
|
|
|
cb4cef |
[libdefaults]
|
|
|
cb4cef |
dns_lookup_realm = false
|
|
|
cb4cef |
ticket_lifetime = 24h
|
|
|
cb4cef |
renew_lifetime = 7d
|
|
|
cb4cef |
forwardable = true
|
|
|
cb4cef |
rdns = false
|
|
|
cb4cef |
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
|
|
|
cb4cef |
spake_preauth_groups = edwards25519
|
|
|
cb4cef |
dns_canonicalize_hostname = fallback
|
|
|
cb4cef |
qualify_shortname = ""
|
|
|
cb4cef |
# default_realm = EXAMPLE.COM
|
|
|
cb4cef |
|
|
|
cb4cef |
[realms]
|
|
|
cb4cef |
# EXAMPLE.COM = {
|
|
|
cb4cef |
# kdc = kerberos.example.com
|
|
|
cb4cef |
# admin_server = kerberos.example.com
|
|
|
cb4cef |
# }
|
|
|
cb4cef |
|
|
|
cb4cef |
[domain_realm]
|
|
|
cb4cef |
# .example.com = EXAMPLE.COM
|
|
|
cb4cef |
# example.com = EXAMPLE.COM
|