source4/heimdal/tests/kdc/krb5-httpkadmind.conf.in

   1 [libdefaults]
   2         default_realm = TEST.H5L.SE
   3         no-addresses = TRUE
   4         allow_weak_crypto = TRUE
   5         rdns = false
   6         fcache_strict_checking = false
   7         name_canon_rules = as-is:realm=TEST.H5L.SE
   8
   9 [appdefaults]
  10         pkinit_anchors = FILE:@objdir@/ca.crt
  11         pkinit_pool = FILE:@objdir@/ca.crt
  12
  13 [realms]
  14         TEST.H5L.SE = {
  15                 kdc = localhost:@port@
  16                 pkinit_win2k = @w2k@
  17         }
  18
  19 [kdc]
  20         num-kdc-processes = 1
  21         strict-nametypes = true
  22         synthetic_clients = true
  23         enable-pkinit = true
  24         pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
  25         pkinit_anchors = FILE:@objdir@/ca.crt
  26         pkinit_mappings_file = @srcdir@/pki-mapping
  27
  28         # Locate kdc plugins for testing
  29         plugin_dir =  @objdir@/../../kdc/.libs
  30
  31         # Configure kdc plugins for testing
  32         simple_csr_authorizer_directory = @objdir@/simple_csr_authz
  33
  34         database = {
  35                 dbname = @objdir@/current-db
  36                 realm = TEST.H5L.SE
  37                 mkey_file = @objdir@/mkey.file
  38                 log_file = @objdir@/log.current-db.log
  39                 acl_file = @srcdir@/heimdal.acl
  40         }
  41
  42         negotiate_token_validator = {
  43                 keytab = FILE:@objdir@/kt
  44         }
  45
  46         realms = {
  47                 TEST.H5L.SE = {
  48                         kx509 = {
  49                                 user = {
  50                                         include_pkinit_san = true
  51                                         subject_name = CN=${principal-name-without-realm},DC=test,DC=h5l,DC=se
  52                                         ekus = 1.3.6.1.5.5.7.3.2
  53                                         ca = PEM-FILE:@objdir@/user-issuer.pem
  54                                 }
  55                                 hostbased_service = {
  56                                         HTTP = {
  57                                                 include_dnsname_san = true
  58                                                 ekus = 1.3.6.1.5.5.7.3.1
  59                                                 ca = PEM-FILE:@objdir@/server-issuer.pem
  60                                         }
  61                                 }
  62                                 client = {
  63                                         ekus = 1.3.6.1.5.5.7.3.2
  64                                         ca = PEM-FILE:@objdir@/user-issuer.pem
  65                                 }
  66                                 server = {
  67                                         ekus = 1.3.6.1.5.5.7.3.1
  68                                         ca = PEM-FILE:@objdir@/server-issuer.pem
  69                                 }
  70                                 mixed = {
  71                                         ekus = 1.3.6.1.5.5.7.3.1
  72                                         ekus = 1.3.6.1.5.5.7.3.2
  73                                         ca = PEM-FILE:@objdir@/mixed-issuer.pem
  74                                 }
  75                         }
  76                 }
  77         }
  78
  79 [hdb]
  80         db-dir = @objdir@
  81         enable_virtual_hostbased_princs = true
  82         virtual_hostbased_princ_mindots = 1
  83         virtual_hostbased_princ_maxdots = 3
  84         virtual_hostbased_princ_svcs = HTTP host
  85
  86 [ext_keytab]
  87         simple_csr_authorizer_directory = @objdir@/simple_csr_authz
  88
  89 [logging]
  90         kdc = 0-/FILE:@objdir@/messages.log
  91         bx509d = 0-/FILE:@objdir@/messages.log
  92         httpkadmind = 0-/FILE:@objdir@/messages.log
  93         default = 0-/FILE:@objdir@/messages.log
  94
  95 [domain_realm]
  96         . = TEST.H5L.SE