2 default_realm = TEST.H5L.SE
4 allow_weak_crypto = TRUE
8 pkinit_anchors = FILE:@objdir@/ca.crt
12 kdc = localhost:@port@
17 strict-nametypes = true
18 synthetic_clients = true
20 pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
21 pkinit_anchors = FILE:@objdir@/ca.crt
22 pkinit_mappings_file = @srcdir@/pki-mapping
23 pkinit_max_life_from_cert_extension = true
24 pkinit_max_life_from_cert = @max_life_from_cert@
26 plugin_dir = @objdir@/../../kdc/.libs
28 simple_csr_authorizer_directory = @objdir@/simple_csr_authz
31 require_initial_kca_tickets = false
34 dbname = @objdir@/current-db
36 mkey_file = @objdir@/mkey.file
37 log_file = @objdir@/log.current-db.log
43 negotiate_token_validator = {
44 keytab = HDBGET:@objdir@/current-db
48 include_pkinit_san = true
49 subject_name = CN=${principal-name-without-realm},DC=TEST,DC=H5L,DC=SE
50 ekus = 1.3.6.1.5.5.7.3.2
51 ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
52 template_cert = FILE:@objdir@/kx509-template.crt
56 include_dnsname_san = true
57 ekus = 1.3.6.1.5.5.7.3.1
58 ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
62 ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
65 ekus = 1.3.6.1.5.5.7.3.1
66 ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
76 kdc = 0-/FILE:@objdir@/messages.log
77 default = 0-/FILE:@objdir@/messages.log