summaryrefslogtreecommitdiff
path: root/configs/kerberos
diff options
context:
space:
mode:
authorTom Barrett <tom@tombarrett.xyz>2020-02-14 01:52:47 -0600
committerTom Barrett <tom@tombarrett.xyz>2020-02-14 01:52:47 -0600
commit814f256f9055fd4c90ef19ffbde3f852f2927939 (patch)
tree46bd81aa74467ce3e6dacaf28aabce750fb8e2f7 /configs/kerberos
parent5ec4f68cf028c00939838327f25433e5352f1992 (diff)
on the way to kerb
Diffstat (limited to 'configs/kerberos')
-rw-r--r--configs/kerberos/kdc.conf16
-rw-r--r--configs/kerberos/krb5.conf21
2 files changed, 37 insertions, 0 deletions
diff --git a/configs/kerberos/kdc.conf b/configs/kerberos/kdc.conf
new file mode 100644
index 0000000..baa19a0
--- /dev/null
+++ b/configs/kerberos/kdc.conf
@@ -0,0 +1,16 @@
+[kdcdefaults]
+ kdc_ports = 750,88
+
+[realms]
+ HADES.HR = {
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
+ kdc_ports = 750,88
+ max_life = 10h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = des3-hmac-sha1
+ #supported_enctypes = aes256-cts:normal aes128-cts:normal
+ default_principal_flags = +preauth
+ }
diff --git a/configs/kerberos/krb5.conf b/configs/kerberos/krb5.conf
new file mode 100644
index 0000000..61f51c1
--- /dev/null
+++ b/configs/kerberos/krb5.conf
@@ -0,0 +1,21 @@
+[libdefaults]
+ default_realm = HADES.HR
+
+ # The following krb5.conf variables are only for MIT Kerberos.
+ kdc_timesync = 1
+ ccache_type = 4
+ forwardable = true
+ proxiable = true
+
+ # The following libdefaults parameters are only for Heimdal Kerberos.
+ fcc-mit-ticketflags = true
+
+[realms]
+ HADES.HR = {
+ kdc = krb.hades.hr
+ admin_server = krb.hades.hr
+ }
+
+[domain_realm]
+ .hades.hr = HADES.HR
+ hades.hr = HADES.HR