##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##
# Kerberos client configuration (krb5.conf) for the DEBIAN.ORG realm.
# This is a template: the <% ... %> tags near the end are evaluated by
# Puppet before the file is installed, so the [password_quality] section
# appears only on the host named in the condition.

[libdefaults]
    default_realm = DEBIAN.ORG

# The following krb5.conf variables are only for MIT Kerberos.
# NOTE(review): krb4_config and krb4_realms point at Kerberos 4 compatibility
# files. Kerberos 4 is obsolete and current MIT releases no longer implement
# it; confirm whether these two settings are still read by anything.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
# forwardable/proxiable make newly requested tickets forwardable and
# proxiable by default. A host that receives a forwarded ticket can act as
# the user, so forwarding should only be done towards trusted hosts.
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
#
# NOTE(review): des3-hmac-sha1 is deprecated for Kerberos (RFC 8429). If an
# override is ever required, do not uncomment the lines below as written;
# list an AES enctype such as aes256-cts-hmac-sha1-96 instead.

#    default_tgs_enctypes = des3-hmac-sha1
#    default_tkt_enctypes = des3-hmac-sha1
#    permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[realms]
# The KDCs, master KDC and admin server of DEBIAN.ORG are given as literal
# IPv4 and IPv6 addresses rather than host names, so these entries must be
# edited whenever byrd or schuetz is renumbered.
# NOTE(review): the trailing "# byrd" / "# schuetz" text shares a line with
# the value. krb5.conf documents comments only as whole lines starting with
# '#' or ';'; confirm that the MIT and Heimdal versions in use ignore the
# trailing text, or move the host names onto comment lines of their own.
    DEBIAN.ORG = {
        kdc = 82.195.75.92 # byrd
        kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
        kdc = 206.12.19.119 # schuetz
        kdc = [2607:f8f0:610:4000:216:36ff:fe40:380a] # schuetz
        master_kdc = 82.195.75.92 # byrd
        master_kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
        admin_server = 82.195.75.92 # byrd
        admin_server = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
    }

[domain_realm]
# Hosts under debian.org belong to the DEBIAN.ORG realm.
    .debian.org = DEBIAN.ORG

[login]
# NOTE(review): krb4_convert is enabled while krb4_get_tickets is disabled;
# both are Kerberos 4 era settings and are presumably legacy. Confirm.
    krb4_convert = true
    krb4_get_tickets = false

<% if fqdn == "byrd.debian.org" -%>
# Password quality policy, rendered only on byrd.debian.org (the host listed
# above as master_kdc and admin_server). Two policies are listed: the
# builtin minimum-length check, with min_length = 8, and an external check
# performed by external_program.
# NOTE(review): keys derived from Kerberos passwords can be guessed offline
# from captured exchanges, so an 8-character minimum relies on the external
# check to reject weak passwords; confirm what that program enforces, and
# that the script is writable only by root.
[password_quality]
    policies = builtin:minimum-length external-check
    min_length = 8
    external_program = /etc/heimdal-kdc/heimdal-password-quality-check
<% end -%>