diff options
Diffstat (limited to 'configs/krb')
-rw-r--r-- | configs/krb/kadm5.acl | 6 | ||||
-rw-r--r-- | configs/krb/kdc.conf | 16 | ||||
-rw-r--r-- | configs/krb/krb5.conf | 13 |
3 files changed, 35 insertions, 0 deletions
diff --git a/configs/krb/kadm5.acl b/configs/krb/kadm5.acl new file mode 100644 index 0000000..76df603 --- /dev/null +++ b/configs/krb/kadm5.acl @@ -0,0 +1,6 @@ +# This file Is the access control list for krb5 administration. +# When this file is edited run service krb5-admin-server restart to activate +# One common way to set up Kerberos administration is to allow any principal +# ending in /admin is given full administrative rights. +# To enable this, uncomment the following line: +*/admin * diff --git a/configs/krb/kdc.conf b/configs/krb/kdc.conf new file mode 100644 index 0000000..baa19a0 --- /dev/null +++ b/configs/krb/kdc.conf @@ -0,0 +1,16 @@ +[kdcdefaults] + kdc_ports = 750,88 + +[realms] + HADES.HR = { + database_name = /var/lib/krb5kdc/principal + admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab + acl_file = /etc/krb5kdc/kadm5.acl + key_stash_file = /etc/krb5kdc/stash + kdc_ports = 750,88 + max_life = 10h 0m 0s + max_renewable_life = 7d 0h 0m 0s + master_key_type = des3-hmac-sha1 + #supported_enctypes = aes256-cts:normal aes128-cts:normal + default_principal_flags = +preauth + } diff --git a/configs/krb/krb5.conf b/configs/krb/krb5.conf new file mode 100644 index 0000000..c78717b --- /dev/null +++ b/configs/krb/krb5.conf @@ -0,0 +1,13 @@ +[libdefaults] + default_realm = HADES.HR + +[realms] + HADES.HR = { + kdc = krb.hades.hr + admin_server = krb.hades.hr + default_domain = hades.hr + } + +[domain_realm] + .hades.hr = HADES.HR + hades.hr = HADES.HR |