2 default_realm = TEST.H5L.SE
4 allow_weak_crypto = TRUE
6 fcache_strict_checking = false
7 name_canon_rules = as-is:realm=TEST.H5L.SE
10 pkinit_anchors = FILE:@objdir@/ca.crt
11 pkinit_pool = FILE:@objdir@/ca.crt
15 kdc = localhost:@port@
21 strict-nametypes = true
22 synthetic_clients = true
24 pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
25 pkinit_anchors = FILE:@objdir@/ca.crt
26 pkinit_mappings_file = @srcdir@/pki-mapping
28 # Locate kdc plugins for testing
29 plugin_dir = @objdir@/../../kdc/.libs
31 # Configure kdc plugins for testing
32 simple_csr_authorizer_directory = @objdir@/simple_csr_authz
35 dbname = @objdir@/current-db
37 mkey_file = @objdir@/mkey.file
38 log_file = @objdir@/log.current-db.log
39 acl_file = @srcdir@/heimdal.acl
42 negotiate_token_validator = {
43 keytab = FILE:@objdir@/kt
50 include_pkinit_san = true
51 subject_name = CN=${principal-name-without-realm},DC=test,DC=h5l,DC=se
52 ekus = 1.3.6.1.5.5.7.3.2
53 ca = PEM-FILE:@objdir@/user-issuer.pem
57 include_dnsname_san = true
58 ekus = 1.3.6.1.5.5.7.3.1
59 ca = PEM-FILE:@objdir@/server-issuer.pem
63 ekus = 1.3.6.1.5.5.7.3.2
64 ca = PEM-FILE:@objdir@/user-issuer.pem
67 ekus = 1.3.6.1.5.5.7.3.1
68 ca = PEM-FILE:@objdir@/server-issuer.pem
71 ekus = 1.3.6.1.5.5.7.3.1
72 ekus = 1.3.6.1.5.5.7.3.2
73 ca = PEM-FILE:@objdir@/mixed-issuer.pem
81 enable_virtual_hostbased_princs = true
82 virtual_hostbased_princ_mindots = 1
83 virtual_hostbased_princ_maxdots = 3
84 virtual_hostbased_princ_svcs = HTTP host
87 simple_csr_authorizer_directory = @objdir@/simple_csr_authz
90 kdc = 0-/FILE:@objdir@/messages.log
91 bx509d = 0-/FILE:@objdir@/messages.log
92 httpkadmind = 0-/FILE:@objdir@/messages.log
93 default = 0-/FILE:@objdir@/messages.log