mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-12 17:21:55 -06:00
52a46d121b
This patch adds support only for the selfsign case. Replica support is also still missing at this stage.
18 lines
624 B
Plaintext
18 lines
624 B
Plaintext
[kdcdefaults]
|
|
kdc_ports = 88
|
|
kdc_tcp_ports = 88
|
|
|
|
[realms]
|
|
$REALM = {
|
|
master_key_type = aes256-cts
|
|
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
|
|
max_life = 7d
|
|
max_renewable_life = 14d
|
|
acl_file = /var/kerberos/krb5kdc/kadm5.acl
|
|
dict_file = /usr/share/dict/words
|
|
default_principal_flags = +preauth
|
|
; admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
|
|
pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
|
|
pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
|
|
}
|