3 files changed, 35 insertions, 0 deletions

diff --git a/configs/krb/kadm5.acl b/configs/krb/kadm5.acl
new file mode 100644
index 0000000..76df603
--- /dev/null
+++ b/configs/krb/kadm5.acl
@@ -0,0 +1,6 @@
+# This file Is the access control list for krb5 administration.
+# When this file is edited run service krb5-admin-server restart to activate
+# One common way to set up Kerberos administration is to allow any principal 
+# ending in /admin  is given full administrative rights.
+# To enable this, uncomment the following line:
+*/admin *
diff --git a/configs/krb/kdc.conf b/configs/krb/kdc.conf
new file mode 100644
index 0000000..baa19a0
--- /dev/null
+++ b/configs/krb/kdc.conf
@@ -0,0 +1,16 @@
+[kdcdefaults]
+    kdc_ports = 750,88
+
+[realms]
+    HADES.HR = {
+        database_name = /var/lib/krb5kdc/principal
+        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+        acl_file = /etc/krb5kdc/kadm5.acl
+        key_stash_file = /etc/krb5kdc/stash
+        kdc_ports = 750,88
+        max_life = 10h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        master_key_type = des3-hmac-sha1
+        #supported_enctypes = aes256-cts:normal aes128-cts:normal
+        default_principal_flags = +preauth
+    }
diff --git a/configs/krb/krb5.conf b/configs/krb/krb5.conf
new file mode 100644
index 0000000..c78717b
--- /dev/null
+++ b/configs/krb/krb5.conf
@@ -0,0 +1,13 @@
+[libdefaults]
+	default_realm = HADES.HR
+
+[realms]
+	HADES.HR = {
+		kdc = krb.hades.hr
+		admin_server = krb.hades.hr
+		default_domain = hades.hr
+	}
+
+[domain_realm]
+	.hades.hr = HADES.HR
+	hades.hr = HADES.HR