freeipa/install/share/krb5.conf.template
Jan Cholasta d5fc0ddd87 install: do not assume /etc/krb5.conf.d exists
Add `includedir /etc/krb5.conf.d` to /etc/krb5.conf only if
/etc/krb5.conf.d exists.

Do not rely on /etc/krb5.conf.d to enable the certauth plugin.

This fixes install on platforms which do not have /etc/krb5.conf.d.

https://pagure.io/freeipa/issue/6589

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2017-06-28 15:44:51 +02:00

43 lines
800 B
Plaintext

$INCLUDES
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = $REALM
dns_lookup_realm = false
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0
$OTHER_LIBDEFAULTS
[realms]
$REALM = {
kdc = $FQDN:88
master_kdc = $FQDN:88
admin_server = $FQDN:749
default_domain = $DOMAIN
pkinit_anchors = FILE:$KDC_CA_BUNDLE_PEM
pkinit_pool = FILE:$CA_BUNDLE_PEM
}
[domain_realm]
.$DOMAIN = $REALM
$DOMAIN = $REALM
$FQDN = $REALM
$OTHER_DOMAIN_REALM_MAPS
[dbmodules]
$REALM = {
db_library = ipadb.so
}
[plugins]
certauth = {
module = ipakdb:kdb/ipadb.so
enable_only = ipakdb
}