mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 17:01:14 -06:00
44 lines
935 B
Plaintext
44 lines
935 B
Plaintext
[logging]
|
|
default = FILE:/var/log/krb5libs.log
|
|
kdc = FILE:/var/log/krb5kdc.log
|
|
admin_server = FILE:/var/log/kadmind.log
|
|
|
|
[libdefaults]
|
|
default_realm = $REALM
|
|
dns_lookup_realm = true
|
|
dns_lookup_kdc = true
|
|
ticket_lifetime = 24h
|
|
forwardable = yes
|
|
|
|
[realms]
|
|
$REALM = {
|
|
kdc = $FQDN:88
|
|
admin_server = $FQDN:749
|
|
default_domain = $DOMAIN
|
|
pkinit_anchors = FILE:/etc/ipa/ca.crt
|
|
}
|
|
|
|
[domain_realm]
|
|
.$DOMAIN = $REALM
|
|
$DOMAIN = $REALM
|
|
|
|
[appdefaults]
|
|
pam = {
|
|
debug = false
|
|
ticket_lifetime = 36000
|
|
renew_lifetime = 36000
|
|
forwardable = true
|
|
krb4_convert = false
|
|
}
|
|
|
|
[dbmodules]
|
|
$REALM = {
|
|
db_library = kldap
|
|
ldap_servers = ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket
|
|
ldap_kerberos_container_dn = cn=kerberos,$SUFFIX
|
|
ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
|
|
ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
|
|
ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
|
|
}
|
|
|