mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
d5fc0ddd87
Add `includedir /etc/krb5.conf.d` to /etc/krb5.conf only if /etc/krb5.conf.d exists. Do not rely on /etc/krb5.conf.d to enable the certauth plugin. This fixes install on platforms which do not have /etc/krb5.conf.d. https://pagure.io/freeipa/issue/6589 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
43 lines
800 B
Plaintext
43 lines
800 B
Plaintext
$INCLUDES
|
|
includedir /var/lib/sss/pubconf/krb5.include.d/
|
|
|
|
[logging]
|
|
default = FILE:/var/log/krb5libs.log
|
|
kdc = FILE:/var/log/krb5kdc.log
|
|
admin_server = FILE:/var/log/kadmind.log
|
|
|
|
[libdefaults]
|
|
default_realm = $REALM
|
|
dns_lookup_realm = false
|
|
dns_lookup_kdc = true
|
|
rdns = false
|
|
ticket_lifetime = 24h
|
|
forwardable = true
|
|
udp_preference_limit = 0
|
|
$OTHER_LIBDEFAULTS
|
|
[realms]
|
|
$REALM = {
|
|
kdc = $FQDN:88
|
|
master_kdc = $FQDN:88
|
|
admin_server = $FQDN:749
|
|
default_domain = $DOMAIN
|
|
pkinit_anchors = FILE:$KDC_CA_BUNDLE_PEM
|
|
pkinit_pool = FILE:$CA_BUNDLE_PEM
|
|
}
|
|
|
|
[domain_realm]
|
|
.$DOMAIN = $REALM
|
|
$DOMAIN = $REALM
|
|
$FQDN = $REALM
|
|
$OTHER_DOMAIN_REALM_MAPS
|
|
[dbmodules]
|
|
$REALM = {
|
|
db_library = ipadb.so
|
|
}
|
|
|
|
[plugins]
|
|
certauth = {
|
|
module = ipakdb:kdb/ipadb.so
|
|
enable_only = ipakdb
|
|
}
|