Skip to content
Snippets Groups Projects
Select Git revision
  • puppet5 protected
  • puppet5_acs
  • puppet5_bookworm
  • puppet5_bnbarnes
  • erp_rhl
  • puppet5_spinto
  • puppet5-aptrefactor
  • master default protected
  • release/005.012
  • release/latest
  • release/005.010
  • release/005.009
  • release/005.008
  • release/005.007
  • release/005.006
  • release/005.005
  • release/005.004
  • release/005.003
  • release/005.002
  • release/005.001
  • release/005.000
  • release/004.063
  • release/004.062
  • release/004.060
  • release/004.059
  • release/004.058
  • release/004.057
  • release/004.056
28 results
Blame Permalink
krb5.conf.erb 7.76 KiB 
# /etc/krb5.conf -- Kerberos V5 general configuration.
#
# This is the standard Kerberos v5 configuration file for all of our
# servers.  It is based on the Stanford-wide configuration, the canonical
# version of which is in /usr/pubsw/etc/krb5.conf.
#
# This configuration allows any enctypes.  Some systems with really old
# Kerberos software may have to limit to triple-DES and DES.

[appdefaults]
    default_lifetime      = 25hrs
    krb4_convert          = false
    krb4_convert_524      = false

    ksu = {
        forwardable       = false
    }

    pam = {
        minimum_uid       = 100
        search_k5login    = true
        forwardable       = true
    }

    pam-afs-session = {
        minimum_uid       = 100
    }

    libkafs = {
        IR.STANFORD.EDU = {
            afs-use-524   = no
        }
    }

    passwd_change = {
        passwd_file       = /afs/ir.stanford.edu/service/etc/passwd.all
        server            = password-change.stanford.edu
        port              = 4443
        service_principal = service/password-change@stanford.edu
    }

    wallet = {
        wallet_server     = wallet.stanford.edu
    }

[libdefaults]
    default_realm         = stanford.edu
    ticket_lifetime       = 25h
    renew_lifetime        = 7d
    forwardable           = true
    noaddresses           = true
    allow_weak_crypto     = true

[realms]
    stanford.edu = {
<% if @drSite == "yes" %>        kdc            = kerberos-liv.stanford.edu:88
<% end %>        kdc            = krb5auth1.stanford.edu:88
        kdc            = krb5auth2.stanford.edu:88
        kdc            = krb5auth3.stanford.edu:88
        master_kdc     = krb5auth1.stanford.edu:88
        admin_server   = krb5-admin.stanford.edu
        kpasswd_server = krb5-admin.stanford.edu
        default_domain = stanford.edu
        kadmind_port   = 749
    }
    heimdal.stanford.edu = {
        kdc            = kerberos-dev.stanford.edu:88
        master_kdc     = kerberos-dev.stanford.edu:88
        admin_server   = kerberos-dev.stanford.edu
        kpasswd_server = kerberos-dev.stanford.edu