package auth
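// Kerberos identity and client configuration compiled into the auth package.
//
// Both values are site-specific (realm, principal, KDC addresses). Because they
// are compiled in, changing a KDC address or the realm requires a rebuild.
const (
	// dnsupdateuser is the Kerberos principal name (user@REALM) defined for the
	// DNS update identity. Only the name lives here; no credential is stored
	// in this block.
	dnsupdateuser = "dns_updater@STHOME.LAN"

	// krb5conf is a krb5.conf-format client configuration held as a raw string.
	// The code that parses it is outside this block.
	//
	// Security-relevant settings:
	//   - dns_lookup_realm / dns_lookup_kdc = false with literal KDC addresses
	//     under [realms]: KDC discovery does not depend on DNS answers.
	//   - rdns = false: reverse DNS is not used when canonicalizing hostnames.
	//   - pkinit_dh_min_bits = 2048: the MIT krb5 default. Do not lower it to
	//     1024; that Diffie-Hellman size is below current guidance.
	//   - forwardable = true: tickets are forwardable by default, which widens
	//     what a stolen ticket can be used for. The inline comment says this is
	//     required; NOTE(review): confirm the DNS updater really needs it.
	//   - forward = true: NOTE(review): `forward` does not appear to be a
	//     documented [libdefaults] relation in MIT krb5 (`forwardable` is);
	//     confirm the consuming parser honours it or drop it.
	//   - default_ccache_name = KEYRING:persistent:%{uid}: a kernel-keyring
	//     credential cache; NOTE(review): only meaningful if the consumer
	//     implements keyring caches — verify.
	krb5conf = `[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# specifies the default realm that needs to be picked up for authentication
default_realm = STHOME.LAN
# set following to true, if you're specified dns' instead of IP addresses under [realms]
dns_lookup_realm = false
# specifies whether DNS SRV records should be used to locate the KDCs and other servers for a realm
dns_lookup_kdc = false
# this is a mandatory flag as we need to obtain forwardable tickets from the KDC
forward = true
# specifies if initial tickets will be forwardable by default, if allowed by the KDC
forwardable = true
ticket_lifetime = 24h
renew_lifetime = 7d
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}
pkinit_dh_min_bits = 2048
# specifies that short hostnames should be canonicalized to fully-qualified hostnames
dns_canonicalize_hostname = true

[realms]
# Realm configuration with different possible way to be resolved
STHOME.LAN = {
admin_server = 192.168.2.1:749
kdc = 192.168.2.1:88
kdc = 192.168.2.4:88
}

[domain_realm]
sthome.lan = STHOME.LAN
.sthome.lan = STHOME.LAN
sthome.net = STHOME.LAN
.sthome.net = STHOME.LAN
`
)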