third_party/heimdal/tests/kdc/krb5-cccol.conf.in

   1 [libdefaults]
   2         default_realm = TEST.H5L.SE TEST2.H5L.SE
   3         default_cc_collection = DIR:@objdir@/cc_dir/
   4         no-addresses = TRUE
   5         allow_weak_crypto = @WEAK@
   6         dns_lookup_kdc = no
   7         dns_lookup_realm = no
   8
   9
  10 [appdefaults]
  11         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
  12         reconnect-min = 2s
  13         reconnect-backoff = 2s
  14         reconnect-max = 10s
  15
  16 [realms]
  17         TEST.H5L.SE = {
  18                 kdc = localhost:@port@
  19                 admin_server = localhost:@admport@
  20                 kpasswd_server = localhost:@pwport@
  21         }
  22         SUB.TEST.H5L.SE = {
  23                 kdc = localhost:@port@
  24         }
  25         TEST2.H5L.SE = {
  26                 kdc = localhost:@port@
  27                 kpasswd_server = localhost:@pwport@
  28         }
  29         TEST3.H5L.SE = {
  30                 kdc = localhost:@port@
  31         }
  32         TEST4.H5L.SE = {
  33                 kdc = localhost:@port@
  34         }
  35         SOME-REALM5.FR = {
  36                 kdc = localhost:@port@
  37         }
  38         SOME-REALM6.US = {
  39                 kdc = localhost:@port@
  40         }
  41         SOME-REALM7.UK = {
  42                 kdc = localhost:@port@
  43         }
  44         SOME-REALM8.UK = {
  45                 kdc = localhost:@port@
  46         }
  47         TEST-HTTP.H5L.SE = {
  48                 kdc = http/localhost:@port@
  49         }
  50         H1.TEST.H5L.SE = {
  51                 kdc = localhost:@port@
  52         }
  53         H2.TEST.H5L.SE = {
  54                 kdc = localhost:@port@
  55         }
  56         H3.H2.TEST.H5L.SE = {
  57                 kdc = localhost:@port@
  58         }
  59         H4.H2.TEST.H5L.SE = {
  60                 kdc = localhost:@port@
  61         }
  62
  63 [domain_realm]
  64         .test.h5l.se = TEST.H5L.SE
  65         .sub.test.h5l.se = SUB.TEST.H5L.SE
  66         .h1.test.h5l.se = H1.TEST.H5L.SE
  67         .h2.test.h5l.se = H2.TEST.H5L.SE
  68         .h3.h2.test.h5l.se = H3.H2.TEST.H5L.SE
  69         .h4.h2.test.h5l.se = H4.H2.TEST.H5L.SE
  70         .example.com = TEST2.H5L.SE
  71         localhost = TEST.H5L.SE
  72         .localdomain = TEST.H5L.SE
  73         localdomain = TEST.H5L.SE
  74         .localdomain6 = TEST.H5L.SE
  75         localdomain6 = TEST.H5L.SE
  76
  77
  78 [kdc]
  79         enable-digest = true
  80         allow-anonymous = true
  81         digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
  82         strict-nametypes = true
  83
  84         enable-http = true
  85
  86         enable-pkinit = true
  87         pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
  88         pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
  89         pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
  90 #       pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
  91         pkinit_mappings_file = @srcdir@/pki-mapping
  92         pkinit_allow_proxy_certificate = true
  93
  94         database = {
  95                 label = {
  96                         dbname = @db_type@:@objdir@/current-db@kdc@
  97                         realm = TEST.H5L.SE
  98                         mkey_file = @objdir@/mkey.file
  99                         acl_file = @srcdir@/heimdal.acl
 100                         log_file = @objdir@/current@kdc@.log
 101                 }
 102                 label2 = {
 103                         dbname = @db_type@:@objdir@/current-db@kdc@
 104                         realm = TEST2.H5L.SE
 105                         mkey_file = @objdir@/mkey.file
 106                         acl_file = @srcdir@/heimdal.acl
 107                         log_file = @objdir@/current@kdc@.log
 108                 }
 109                 label3 = {
 110                         dbname = sqlite:@objdir@/current-db@kdc@.sqlite3
 111                         realm = SOME-REALM5.FR
 112                         mkey_file = @objdir@/mkey.file
 113                         acl_file = @srcdir@/heimdal.acl
 114                         log_file = @objdir@/current@kdc@.log
 115                 }
 116         }
 117
 118         signal_socket = @objdir@/signal
 119         iprop-stats = @objdir@/iprop-stats
 120         iprop-acl = @srcdir@/iprop-acl
 121         log-max-size = 40000
 122
 123 [hdb]
 124         db-dir = @objdir@
 125
 126 [logging]
 127         kdc = 0-/FILE:@objdir@/messages.log
 128         krb5 = 0-/FILE:@objdir@/messages.log
 129         default = 0-/FILE:@objdir@/messages.log
 130
 131 # If you are doing preformance measurements on OSX you want to change
 132 # the kdc LOG line from = to - below to keep the FILE open and avoid
 133 # open/write/close which is blocking (rdar:// ) on OSX.
 134 #       kdc = 0-/FILE=@objdir@/messages.log
 135
 136 [kadmin]
 137         save-password = true
 138         default_key_rules = {
 139                 */des3-only@* = des3-cbc-sha1:pw-salt
 140                 */aes-only@* = aes256-cts-hmac-sha1-96:pw-salt
 141         }
 142         @dk@
 143
 144 [capaths]
 145         TEST.H5L.SE = {
 146                 TEST2.H5L.SE = .
 147                 SOME-REALM5.FR = 1
 148                 TEST3.H5L.SE = TEST2.H5L.SE
 149                 TEST4.H5L.SE = TEST2.H5L.SE
 150                 TEST4.H5L.SE = TEST3.H5L.SE
 151                 SOME-REALM6.US = SOME-REALM5.FR
 152                 SOME-REALM7.UK = SOME-REALM6.US
 153                 SOME-REALM7.UK = SOME-REALM5.FR
 154                 SOME-REALM8.UK = SOME-REALM6.US
 155         }
 156         H4.H2.TEST.H5L.SE = {
 157                 H1.TEST.H5L.SE = H3.H2.TEST.H5L.SE
 158                 H1.TEST.H5L.SE = H2.TEST.H5L.SE
 159                 H1.TEST.H5L.SE = TEST.H5L.SE
 160
 161                 TEST.H5L.SE = H3.H2.TEST.H5L.SE
 162                 TEST.H5L.SE = H2.TEST.H5L.SE
 163
 164                 H2.TEST.H5L.SE = H3.H2.TEST.H5L.SE
 165         }