package auth

const (
	dnsupdateuser = "dns_updater@STHOME.LAN"
	krb5conf      = `[logging]
	default = FILE:/var/log/krb5libs.log
	kdc = FILE:/var/log/krb5kdc.log
	admin_server = FILE:/var/log/kadmind.log

	[libdefaults]
	# specifies the default realm that needs to be picked up for authentication
	default_realm = STHOME.LAN
	# set following to true, if you're specified dns' instead of IP addresses under [realms]
	dns_lookup_realm = false
	# specifies whether DNS SRV records should be used to locate the KDCs and other servers for a realm
	dns_lookup_kdc = false
	# this is a mandatory flag as we need to obtain forwardable tickets from the KDC
	forward = true
	# specifies if initial tickets will be forwardable by default, if allowed by the KDC
	forwardable = true
	ticket_lifetime = 24h
	renew_lifetime = 7d
	rdns = false
	default_ccache_name = KEYRING:persistent:%{uid}
	pkinit_dh_min_bits = 1024
	# specifies that short hostnames should be canonicalized to fully-qualified hostnames
	dns_canonicalize_hostname = true

	[realms]
	# Realm configuration with different possible way to be resolved
	STHOME.LAN = {
	admin_server = 192.168.2.1:749
	kdc = 192.168.2.1:88
	kdc = 192.168.2.4:88
	}

	[domain_realm]
	sthome.lan = STHOME.LAN
	.sthome.lan = STHOME.LAN
	sthome.net = STHOME.LAN
	.sthome.net = STHOME.LAN
	`
)