Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# /etc/krb5.conf -- Kerberos V5 general configuration.
#
# This is the standard Kerberos v5 configuration file for all of our
# servers. It is based on the Stanford-wide configuration, the canonical
# version of which is in /usr/pubsw/etc/krb5.conf.
#
# This configuration allows any enctypes. Some systems with really old
# Kerberos software may have to limit to triple-DES and DES.
[appdefaults]
default_lifetime = 25hrs
krb4_convert = false
krb4_convert_524 = false
ksu = {
forwardable = false
}
pam = {
minimum_uid = 100
search_k5login = true
forwardable = true
}
pam-afs-session = {
minimum_uid = 100
}
libkafs = {
IR.STANFORD.EDU = {
afs-use-524 = no
}
}
passwd_change = {
passwd_file = /afs/ir.stanford.edu/service/etc/passwd.all
server = password-change.stanford.edu
port = 4443
service_principal = service/password-change@stanford.edu
}
wallet = {
wallet_server = wallet.stanford.edu
}
[libdefaults]
default_realm = stanford.edu
ticket_lifetime = 25h
renew_lifetime = 7d
forwardable = true
noaddresses = true
allow_weak_crypto = true
<% if (@prefer_tcp) then -%>
udp_preference_limit = 1
<% end -%>
<%
if (@krb_env == 'uat') then
-%>
kdc = kerberos-uat.stanford.edu:88
master_kdc = kerberos-uat.stanford.edu:88
admin_server = kerberos-uat.stanford.edu
kpasswd_server = kerberos-uat.stanford.edu
<%
elsif (@krb_env == 'test') then
-%>
kdc = kerberos-test.stanford.edu:88
master_kdc = kerberos-test.stanford.edu:88
admin_server = kerberos-test.stanford.edu
kpasswd_server = kerberos-test.stanford.edu
<%
else
if (@drSite) then
-%>
kdc = kerberos-liv.stanford.edu:88
<%
end
-%>
kdc = krb5auth1.stanford.edu:88
kdc = krb5auth2.stanford.edu:88
kdc = krb5auth3.stanford.edu:88
master_kdc = krb5auth1.stanford.edu:88
admin_server = krb5-admin.stanford.edu
kpasswd_server = krb5-admin.stanford.edu
<%
end
-%>
default_domain = stanford.edu
kadmind_port = 749
}
heimdal.stanford.edu = {
kdc = kerberos-dev.stanford.edu:88
master_kdc = kerberos-dev.stanford.edu:88
admin_server = kerberos-dev.stanford.edu
kpasswd_server = kerberos-dev.stanford.edu
kadmind_port = 749
}
WIN.STANFORD.EDU = {
kdc = mothra.win.stanford.edu:88
kdc = rodan.win.stanford.edu:88
kpasswd_server = mothra.win.stanford.edu
}
WINUAT.STANFORD.EDU = {
kdc = winuatdc1.winuat.stanford.edu:88
kpasswd_server = winuatdc1.winuat.stanford.edu
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
}
NT.STANFORD.EDU = {
kdc = ntdc2.nt.stanford.edu:88
kdc = ntdc3.nt.stanford.edu:88
kpasswd_server = ntdc2.nt.stanford.edu
}
GUEST.STANFORD.EDU = {
kdc = guestdc0.guest.stanford.edu:88
kdc = guestdc1.guest.stanford.edu:88
kpasswd_server = guestdc0.guest.stanford.edu
default_domain = guest.stanford.edu
}
GUESTUAT.STANFORD.EDU = {
kdc = guestuatdc0.guestuat.stanford.edu:88
kdc = guestuatdc1.guestuat.stanford.edu:88
kpasswd_server = guestuatdc0.guestuat.stanford.edu
default_domain = guestuat.stanford.edu
}
CS.STANFORD.EDU = {
kdc = cs-kdc-1.stanford.edu:88
kdc = cs-kdc-2.stanford.edu:88
kdc = cs-kdc-3.stanford.edu:88
admin_server = cs-kdc-1.stanford.edu:749
}
SLAC.STANFORD.EDU = {
kdc = k5auth1.slac.stanford.edu:88
kdc = k5auth2.slac.stanford.edu:88
kdc = k5auth3.slac.stanford.edu:88
admin_server = k5admin.slac.stanford.edu
kpasswd_server = k5passwd.slac.stanford.edu
default_domain = slac.stanford.edu
}
WIN.SLAC.STANFORD.EDU = {
kdc = dc01.slac.stanford.edu:88
kdc = dc02.slac.stanford.edu:88
kdc = dc03.slac.stanford.edu:88
master_kdc = dc01.slac.stanford.edu:88
admin_server = dc01.slac.stanford.edu
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
default_domain = win.slac.stanford.edu
}
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
kdc = kerberos-3.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
ISC.ORG = {
kdc = k1.isc.org:88
kdc = k2.isc.org:88
admin_server = k1.isc.org:749
default_domain = isc.org
}
OPENLDAP.ORG = {
kdc = kerberos.openldap.org
default_domain = openldap.org
}
SUCHDAMAGE.ORG = {
kdc = kerberos.suchdamage.org:88
admin_server = kerberos.suchdamage.org:749
default_domain = suchdamage.org
}
VIX.COM = {
kdc = kerberos-0.vix.com:88
kdc = kerberos-1.vix.com:88
kdc = kerberos-2.vix.com:88
admin_server = kerberos-0.vix.com:749
default_domain = vix.com
}
ZEPA.NET = {
kdc = kerberos.zepa.net
kdc = kerberos-too.zepa.net
admin_server = kerberos.zepa.net
}
[domain_realm]
stanford.edu = stanford.edu
.stanford.edu = stanford.edu
.dc.stanford.org = stanford.edu
.sunet = stanford.edu
.eyrie.org = stanford.edu
.killfile.org = stanford.edu
.lpch.net = stanford.edu
.lpch.org = stanford.edu
.oit.duke.edu = stanford.edu
win.stanford.edu = WIN.STANFORD.EDU
.win.stanford.edu = WIN.STANFORD.EDU
atragon.stanford.edu = WIN.STANFORD.EDU
itcert.stanford.edu = WIN.STANFORD.EDU
daper.stanford.edu = IT.WIN.STANFORD.EDU
gsbworkspace.stanford.edu = IT.WIN.STANFORD.EDU
infraappprod.stanford.edu = IT.WIN.STANFORD.EDU
radmed.stanford.edu = IT.WIN.STANFORD.EDU
windows-new.stanford.edu = IT.WIN.STANFORD.EDU
windows.stanford.edu = IT.WIN.STANFORD.EDU
workspace.stanford.edu = IT.WIN.STANFORD.EDU
winuat.stanford.edu = WINUAT.STANFORD.EDU
.winuat.stanford.edu = WINUAT.STANFORD.EDU
msweb2.stanford.edu = EX.MS.STANFORD.EDU
windows-ms.stanford.edu = EX.MS.STANFORD.EDU
nt.stanford.edu = NT.STANFORD.EDU
.nt.stanford.edu = NT.STANFORD.EDU
ntcert1.stanford.edu = NT.STANFORD.EDU
ntweb2.stanford.edu = TYR.NT.STANFORD.EDU
windows-nt.stanford.edu = TYR.NT.STANFORD.EDU
guest.stanford.edu = GUEST.STANFORD.EDU
.guest.stanford.edu = GUEST.STANFORD.EDU
guest-mgmt.stanford.edu = GUEST.STANFORD.EDU
guest-mgmt2.stanford.edu = GUEST.STANFORD.EDU
guestidmweb.stanford.edu = GUEST.STANFORD.EDU
guestuat.stanford.edu = GUESTUAT.STANFORD.EDU
.guestuat.stanford.edu = GUESTUAT.STANFORD.EDU
guestuat-mgmt.stanford.edu = GUESTUAT.STANFORD.EDU
guestuatidmweb.stanford.edu = GUESTUAT.STANFORD.EDU
.slac.stanford.edu = SLAC.STANFORD.EDU
.win.slac.stanford.edu = WIN.SLAC.STANFORD.EDU
.isc.org = ISC.ORG
mit.edu = ATHENA.MIT.EDU
.mit.edu = ATHENA.MIT.EDU
openldap.org = OPENLDAP.ORG
.openldap.org = OPENLDAP.ORG
whoi.edu = ATHENA.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
.vix.com = VIX.COM
zepa.net = ZEPA.NET
.zepa.net = ZEPA.NET
[logging]
kdc = SYSLOG:NOTICE
admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE