fbc21277a3d4d923db356dcabceaba6af7120fb5
[samba.git] / source4 / heimdal / tests / kdc / krb5-pkinit.conf.in
# Heimdal test krb5.conf template for the PKINIT / kx509 KDC tests. The @objdir@,
# @srcdir@, @port@, @w2k@ and @max_life_from_cert@ tokens are placeholders,
# presumably substituted when the test harness generates the real file.
1 [libdefaults]
2         default_realm = TEST.H5L.SE
          # Request tickets without client address restrictions.
3         no-addresses = TRUE
          # Re-enables encryption types the library treats as weak. Tolerable in a
          # throwaway test realm; not a setting to carry into a realm with real keys.
4         allow_weak_crypto = TRUE
          # NOTE(review): the same key is also set under [kdc]; presumably this copy
          # is the client-library switch - confirm.
5         enable_kx509 = true
6
# Per-application defaults. pkinit_anchors names the CA certificate used as the
# PKINIT trust anchor (presumably for validating the KDC certificate on the
# client side - confirm); whoever can write ca.crt decides which peers are trusted.
7 [appdefaults]
8         pkinit_anchors = FILE:@objdir@/ca.crt
9
# Client-side realm definition: the only KDC listed is the test instance on localhost.
10 [realms]
11         TEST.H5L.SE = {
12                 kdc = localhost:@port@
                   # NOTE(review): @w2k@ presumably toggles the legacy Windows 2000
                   # PKINIT variant for interop tests; outside such tests it would
                   # normally stay off - confirm.
13                 pkinit_win2k = @w2k@
14         }
15
# KDC-side settings for the PKINIT tests.
16 [kdc]
17         strict-nametypes = true
           # NOTE(review): per Heimdal's KDC documentation this lets the KDC issue
           # tickets to clients that have no HDB entry once pre-authentication
           # (here PKINIT) succeeds. The trust anchors and mapping file below then
           # become the effective gate on who counts as a principal - confirm.
18         synthetic_clients = true
19         enable-pkinit = true
           # KDC certificate plus its private key. key2.der is taken from the hx509
           # test data under @srcdir@, i.e. a key shipped with the source tree, so it
           # is only suitable as a test identity.
20         pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
           # CA certificate used as trust anchor on the KDC side (presumably for
           # validating client certificates - confirm).
21         pkinit_anchors = FILE:@objdir@/ca.crt
           # NOTE(review): presumably maps certificate subjects to principals; an
           # over-broad entry would hand that principal to any holder of a matching
           # certificate - confirm the file format and review its entries.
22         pkinit_mappings_file = @srcdir@/pki-mapping
           # NOTE(review): as named, these tie the maximum ticket lifetime to the
           # client certificate (an extension / the certificate itself); the second
           # value is a template parameter - confirm exact semantics.
23         pkinit_max_life_from_cert_extension = true
24         pkinit_max_life_from_cert = @max_life_from_cert@
25
# Plugins are looked up in the build tree's libtool output directory. Code found
# here presumably runs inside the KDC process, so write access to this directory
# is equivalent to control of the KDC - confirm and keep it restricted.
26         plugin_dir =  @objdir@/../../kdc/.libs
27
# NOTE(review): directory presumably consulted by the simple CSR authorizer to
# decide which certificate requests are allowed; if so, its contents are
# authorization policy and write access should be limited accordingly - confirm.
28         simple_csr_authorizer_directory = @objdir@/simple_csr_authz
29
# kx509 (certificate issuance to Kerberos-authenticated clients) is enabled on the KDC.
30         enable_kx509 = true
           # NOTE(review): as named, this drops the requirement that kx509 requests
           # be made with an initial ticket for the kca service, which widens the set
           # of tickets that can obtain a certificate. Looks like a test convenience -
           # confirm before reusing this value elsewhere.
31         require_initial_kca_tickets = false
32
# HDB backend for the test realm; every path lives under the build directory.
33         database = {
34                 dbname = @objdir@/current-db
35                 realm = TEST.H5L.SE
                   # Master key file. It protects the keys stored in the database, so
                   # it needs at least the same file permissions as the database itself.
36                 mkey_file = @objdir@/mkey.file
37                 log_file = @objdir@/log.current-db.log
38         }
39
40
# Per-realm KDC configuration: token validation and the kx509 certificate
# issuance templates, one sub-block per kind of requesting principal.
41         realms = {
42                 TEST.H5L.SE = {
43                         negotiate_token_validator = {
                                   # HDBGET: takes the keys straight from the test HDB
                                   # instead of a separate keytab file.
44                                 keytab = HDBGET:@objdir@/current-db
45                         }
46                         kx509 = {
                                   # Certificates issued to user principals.
47                                 user = {
48                                         include_pkinit_san = true
                                           # The subject is built from the requesting principal's name;
                                           # ${principal-name-without-realm} is expanded by the issuer.
49                                         subject_name = CN=${principal-name-without-realm},DC=TEST,DC=H5L,DC=SE
                                           # 1.3.6.1.5.5.7.3.2 is id-kp-clientAuth (TLS client authentication).
50                                         ekus = 1.3.6.1.5.5.7.3.2
                                           # Issuing CA certificate plus its private key. key.der comes from the
                                           # hx509 test data under @srcdir@, i.e. a key shipped with the source
                                           # tree, so certificates signed with it carry no real-world trust.
51                                         ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
52                                         template_cert = FILE:@objdir@/kx509-template.crt
53                                 }
                                   # Certificates issued to host-based service principals, keyed by service name.
54                                 hostbased_service = {
55                                         HTTP = {
56                                                 include_dnsname_san = true
                                                   # 1.3.6.1.5.5.7.3.1 is id-kp-serverAuth (TLS server authentication).
57                                                 ekus = 1.3.6.1.5.5.7.3.1
58                                                 ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
59                                         }
60                                 }
                                   # NOTE(review): no ekus are listed for this template, unlike the
                                   # others; confirm which extended key usages such certificates get.
61                                 client = {
62                                         ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
63                                 }
64                                 server = {
                                           # id-kp-serverAuth, as in the HTTP template above.
65                                         ekus = 1.3.6.1.5.5.7.3.1
66                                         ca = FILE:@objdir@/ca.crt,@srcdir@/../../lib/hx509/data/key.der
67                                 }
68                         }
69                 }
70         }
71
# Directory holding the HDB files; the build directory in this test setup.
72 [hdb]
73         db-dir = @objdir@
74
# The KDC log and the default log share one file in the build directory.
# The "0-" prefix selects every log level from 0 upwards.
75 [logging]
76         kdc = 0-/FILE:@objdir@/messages.log
77         default = 0-/FILE:@objdir@/messages.log
78
# NOTE(review): save-password presumably makes kadmin keep each principal's
# password in the database alongside the derived keys. If so, the stored
# passwords are as sensitive as the keys and depend on the master key file for
# protection - confirm before enabling this outside the test realm.
79 [kadmin]
80         save-password = true