author | Tom Barrett <tom@tombarrett.xyz> | 2020-03-20 04:30:39 -0500 |
---|---|---|
committer | Tom Barrett <tom@tombarrett.xyz> | 2020-03-20 04:30:39 -0500 |
commit | eab5eca5bda076aae57e6cc82b6e08dbd5025ff3 (patch) | |
tree | 560332dfd41f0948d13fec7d34ce25ccd6202313 /configs/krb | |
parent | 01e2662903dadce5903581eac738d0b413e521c2 (diff) |
new way of generating interfaces, only have to change hosts file now
Diffstat (limited to 'configs/krb')
-rw-r--r-- | configs/krb/kadm5.acl | 6 | ||||
-rw-r--r-- | configs/krb/kdc.conf | 16 | ||||
-rw-r--r-- | configs/krb/krb5.conf | 13 |
3 files changed, 35 insertions, 0 deletions
diff --git a/configs/krb/kadm5.acl b/configs/krb/kadm5.acl
new file mode 100644
index 0000000..76df603
--- /dev/null
+++ b/configs/krb/kadm5.acl
@@ -0,0 +1,6 @@
+# This file Is the access control list for krb5 administration.
+# When this file is edited run service krb5-admin-server restart to activate
+# One common way to set up Kerberos administration is to allow any principal
+# ending in /admin is given full administrative rights.
+# To enable this, uncomment the following line:
+*/admin *
diff --git a/configs/krb/kdc.conf b/configs/krb/kdc.conf
new file mode 100644
index 0000000..baa19a0
--- /dev/null
+++ b/configs/krb/kdc.conf
@@ -0,0 +1,16 @@
+[kdcdefaults]
+ kdc_ports = 750,88
+
+[realms]
+ HADES.HR = {
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
+ kdc_ports = 750,88
+ max_life = 10h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = des3-hmac-sha1
+ #supported_enctypes = aes256-cts:normal aes128-cts:normal
+ default_principal_flags = +preauth
+ }
diff --git a/configs/krb/krb5.conf b/configs/krb/krb5.conf
new file mode 100644
index 0000000..c78717b
--- /dev/null
+++ b/configs/krb/krb5.conf
@@ -0,0 +1,13 @@
+[libdefaults]
+ default_realm = HADES.HR
+
+[realms]
+ HADES.HR = {
+ kdc = krb.hades.hr
+ admin_server = krb.hades.hr
+ default_domain = hades.hr
+ }
+
+[domain_realm]
+ .hades.hr = HADES.HR
+ hades.hr = HADES.HR |
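Review bot: The active `*/admin *` entry in configs/krb/kadm5.acl grants every kadmin privilege to any principal with an `/admin` instance, and the pattern names no realm. Pinning it to `*/admin@HADES.HR *`, or listing the named administrators one per line, would limit the grant to principals this KDC is meant to trust. How an unqualified pattern is matched is not visible from this file, so the realm is better spelled out than left implicit. The header comment still says "To enable this, uncomment the following line" although the line is already active; it could read `# Any principal ending in /admin has full administrative rights.`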
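Review bot: `master_key_type = des3-hmac-sha1` in the HADES.HR realm of configs/krb/kdc.conf protects the KDC database master key with triple-DES, which RFC 8429 deprecates, while the AES `supported_enctypes` line right below it is left commented out. For a new realm I would set `master_key_type = aes256-cts` and enable `supported_enctypes = aes256-cts:normal aes128-cts:normal`, so that principal keys are not created with legacy enctypes. If the database was already created under the des3 master key, that key has to be rolled with the KDC database tooling; editing this line alone does not re-encrypt anything. Both `kdc_ports = 750,88` lines also keep the Kerberos 4 era port 750 listening, and `88` alone is probably enough unless a legacy client depends on it.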