From f76e2522464f2ddeb16aa01c9487b36e6aa70a94 Mon Sep 17 00:00:00 2001
From: Tom Barrett <tom@tombarrett.xyz>
Date: Fri, 14 Feb 2020 07:50:37 -0600
Subject: adding admin users

---
 configs/kerberos/kadm5.acl |  6 ++++++
 configs/kerberos/krb5.conf | 10 +---------
 2 files changed, 7 insertions(+), 9 deletions(-)
 create mode 100644 configs/kerberos/kadm5.acl

(limited to 'configs/kerberos')

diff --git a/configs/kerberos/kadm5.acl b/configs/kerberos/kadm5.acl
new file mode 100644
index 0000000..76df603
--- /dev/null
+++ b/configs/kerberos/kadm5.acl
@@ -0,0 +1,6 @@
+# This file Is the access control list for krb5 administration.
+# When this file is edited run service krb5-admin-server restart to activate
+# One common way to set up Kerberos administration is to allow any principal 
+# ending in /admin  is given full administrative rights.
+# To enable this, uncomment the following line:
+*/admin *
diff --git a/configs/kerberos/krb5.conf b/configs/kerberos/krb5.conf
index 61f51c1..c78717b 100644
--- a/configs/kerberos/krb5.conf
+++ b/configs/kerberos/krb5.conf
@@ -1,19 +1,11 @@
 [libdefaults]
 	default_realm = HADES.HR
 
-	# The following krb5.conf variables are only for MIT Kerberos.
-	kdc_timesync = 1
-	ccache_type = 4
-	forwardable = true
-	proxiable = true
-
-	# The following libdefaults parameters are only for Heimdal Kerberos.
-	fcc-mit-ticketflags = true
-
 [realms]
 	HADES.HR = {
 		kdc = krb.hades.hr
 		admin_server = krb.hades.hr
+		default_domain = hades.hr
 	}
 
 [domain_realm]
-- 
cgit v1.2.3