Diffstat (limited to 'configs/krb')
-rw-r--r--configs/krb/kadm5.acl6
-rw-r--r--configs/krb/kdc.conf16
-rw-r--r--configs/krb/krb5.conf13
3 files changed, 35 insertions, 0 deletions
diff --git a/configs/krb/kadm5.acl b/configs/krb/kadm5.acl
new file mode 100644
index 0000000..76df603
--- /dev/null
+++ b/configs/krb/kadm5.acl
@@ -0,0 +1,6 @@
+# This file Is the access control list for krb5 administration.
+# When this file is edited run service krb5-admin-server restart to activate
+# One common way to set up Kerberos administration is to allow any principal
+# ending in /admin is given full administrative rights.
+# To enable this, uncomment the following line:
+*/admin *
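Review bot: The comment above `*/admin *` says to uncomment the line to enable it, but the line is already active. As committed, every principal with an `/admin` instance gets all kadmin privileges (`*`). The pattern carries no realm, so it is worth pinning it explicitly, e.g. `*/admin@HADES.HR *`. Where the set of administrators is known, name them one per line and grant only the permission letters each one needs, rather than a wildcard. The comment should then say the rule is enabled, e.g. `# Any principal ending in /admin has full administrative rights; remove or narrow the line below to restrict this.`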
diff --git a/configs/krb/kdc.conf b/configs/krb/kdc.conf
new file mode 100644
index 0000000..baa19a0
--- /dev/null
+++ b/configs/krb/kdc.conf
@@ -0,0 +1,16 @@
+[kdcdefaults]
+ kdc_ports = 750,88
+
+[realms]
+ HADES.HR = {
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
+ kdc_ports = 750,88
+ max_life = 10h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = des3-hmac-sha1
+ #supported_enctypes = aes256-cts:normal aes128-cts:normal
+ default_principal_flags = +preauth
+ }
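Review bot: `master_key_type = des3-hmac-sha1` protects the KDC database master key with triple-DES, which MIT krb5 has deprecated. The AES `supported_enctypes` line right below it is commented out, so key types for new principals come from the build's defaults. Since this is a new file, I would set `master_key_type = aes256-cts-hmac-sha1-96` and enable `supported_enctypes = aes256-cts:normal aes128-cts:normal`. The master key type must match what the database is created with, so settle it before `kdb5_util create` is run. Separately, `kdc_ports = 750,88` (in both `[kdcdefaults]` and the realm block) keeps the legacy Kerberos 4 port listening; `kdc_ports = 88` should be enough unless something still depends on 750.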
diff --git a/configs/krb/krb5.conf b/configs/krb/krb5.conf
new file mode 100644
index 0000000..c78717b
--- /dev/null
+++ b/configs/krb/krb5.conf
@@ -0,0 +1,13 @@
+[libdefaults]
+ default_realm = HADES.HR
+
+[realms]
+ HADES.HR = {
+ kdc = krb.hades.hr
+ admin_server = krb.hades.hr
+ default_domain = hades.hr
+ }
+
+[domain_realm]
+ .hades.hr = HADES.HR
+ hades.hr = HADES.HR