modules/krb/templates/krb5.conf.erb

   1 ##
   2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
   3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
   4 ##
   5
   6 [libdefaults]
   7         default_realm = DEBIAN.ORG
   8
   9 # The following krb5.conf variables are only for MIT Kerberos.
  10         krb4_config = /etc/krb.conf
  11         krb4_realms = /etc/krb.realms
  12         kdc_timesync = 1
  13         ccache_type = 4
  14         forwardable = true
  15         proxiable = true
  16
  17 # The following encryption type specification will be used by MIT Kerberos
  18 # if uncommented.  In general, the defaults in the MIT Kerberos code are
  19 # correct and overriding these specifications only serves to disable new
  20 # encryption types as they are added, creating interoperability problems.
  21 #
  22 # Thie only time when you might need to uncomment these lines and change
  23 # the enctypes is if you have local software that will break on ticket
  24 # caches containing ticket encryption types it doesn't know about (such as
  25 # old versions of Sun Java).
  26
  27 #       default_tgs_enctypes = des3-hmac-sha1
  28 #       default_tkt_enctypes = des3-hmac-sha1
  29 #       permitted_enctypes = des3-hmac-sha1
  30
  31 # The following libdefaults parameters are only for Heimdal Kerberos.
  32         v4_instance_resolve = false
  33         v4_name_convert = {
  34                 host = {
  35                         rcmd = host
  36                         ftp = ftp
  37                 }
  38                 plain = {
  39                         something = something-else
  40                 }
  41         }
  42         fcc-mit-ticketflags = true
  43
  44 [realms]
  45         DEBIAN.ORG = {
  46                 kdc = 82.195.75.92                           # byrd
  47                 kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
  48                 kdc = 206.12.19.119                           # schuetz
  49                 kdc = [2607:f8f0:610:4000:216:36ff:fe40:380a] # schuetz
  50                 master_kdc = 82.195.75.92                           # byrd
  51                 master_kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
  52                 admin_server = 82.195.75.92                           # byrd
  53                 admin_server = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
  54         }
  55
  56 [domain_realm]
  57         .debian.org = DEBIAN.ORG
  58
  59 [login]
  60         krb4_convert = true
  61         krb4_get_tickets = false
  62
  63 <% if fqdn == "byrd.debian.org" -%>
  64 [password_quality]
  65         policies = builtin:minimum-length external-check
  66         min_length = 8
  67         external_program = /etc/heimdal-kdc/heimdal-password-quality-check
  68 <% end -%>