# $Id: krb5.conf.in 21754 2007-07-31 21:13:56Z lha $

[libdefaults]
	default_realm = TEST.H5L.SE
	no-addresses = TRUE

[appdefaults]
	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt

[realms]
	TEST.H5L.SE = {
		kdc = localhost:@port@
		admin_server = localhost:@admport@
	}
	SUB.TEST.H5L.SE = {
		kdc = localhost:@port@
	}
	TEST2.H5L.SE = {
		kdc = localhost:@port@
	}

[domain_realms]
	.sub.test.h5l.se = SUB.TEST.H5L.SE
	localhost = TEST.H5L.SE
	

[kdc]
	enable-digest = true
	digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2

	enable-pkinit = true
	pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
	pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
#	pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
	pkinit_mappings_file = @srcdir@/pki-mapping
	pkinit_allow_proxy_certificate = true

	database = {
		dbname = @objdir@/current-db@kdc@
		realm = TEST.H5L.SE
		mkey_file = @objdir@/mkey.file
		acl_file = @srcdir@/heimdal.acl
		log_file = @objdir@/current@kdc@.log
	}

	signal_socket = @objdir@/signal
	iprop-stats = @objdir@/iprop-stats
	iprop-acl = @srcdir@/iprop-acl

[logging]
	kdc = 0-/FILE:@objdir@/messages.log
	default = 0-/FILE:@objdir@/messages.log

[kadmin]
	save-password = true