-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-[libdefaults]
- default_realm = DEBIAN.ORG
-
-# The following krb5.conf variables are only for MIT Kerberos.
- krb4_config = /etc/krb.conf
- krb4_realms = /etc/krb.realms
- kdc_timesync = 1
- ccache_type = 4
- forwardable = true
- proxiable = true
-
-# The following encryption type specification will be used by MIT Kerberos
-# if uncommented. In general, the defaults in the MIT Kerberos code are
-# correct and overriding these specifications only serves to disable new
-# encryption types as they are added, creating interoperability problems.
-#
-# Thie only time when you might need to uncomment these lines and change
-# the enctypes is if you have local software that will break on ticket
-# caches containing ticket encryption types it doesn't know about (such as
-# old versions of Sun Java).
-
-# default_tgs_enctypes = des3-hmac-sha1
-# default_tkt_enctypes = des3-hmac-sha1
-# permitted_enctypes = des3-hmac-sha1
-
-# The following libdefaults parameters are only for Heimdal Kerberos.
- v4_instance_resolve = false
- v4_name_convert = {
- host = {
- rcmd = host
- ftp = ftp
- }
- plain = {
- something = something-else
- }
- }
- fcc-mit-ticketflags = true
-
-[realms]
- DEBIAN.ORG = {
- kdc = 82.195.75.92 # byrd
- kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
- kdc = 206.12.19.119 # schuetz
- kdc = [2607:f8f0:610:4000:216:36ff:fe40:380a] # schuetz
- master_kdc = 82.195.75.92 # byrd
- master_kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
- admin_server = 82.195.75.92 # byrd
- admin_server = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
- }
-
-[domain_realm]
- .debian.org = DEBIAN.ORG
-
-[login]
- krb4_convert = true
- krb4_get_tickets = false
-
-<% if fqdn == "byrd.debian.org" -%>
-[password_quality]
- policies = builtin:minimum-length external-check
- min_length = 8
- external_program = /etc/heimdal-kdc/heimdal-password-quality-check
-<% end -%>