2 kdc = FILE:/var/log/kerberos/krb5kdc.log
3 admin_server = FILE:/var/log/kerberos/kadmin.log
4 default = FILE:/var/log/kerberos/krb5lib.log
7 default_realm = <%= node['krb5']['libdefaults']['default_realm'] %>
9 # The following krb5.conf variables are only for MIT Kerberos.
10 krb4_config = /etc/krb.conf
11 krb4_realms = /etc/krb.realms
17 # The following encryption type specification will be used by MIT Kerberos
18 # if uncommented. In general, the defaults in the MIT Kerberos code are
19 # correct and overriding these specifications only serves to disable new
20 # encryption types as they are added, creating interoperability problems.
22 # Thie only time when you might need to uncomment these lines and change
23 # the enctypes is if you have local software that will break on ticket
24 # caches containing ticket encryption types it doesn't know about (such as
25 # old versions of Sun Java).
27 # default_tgs_enctypes = des3-hmac-sha1
28 # default_tkt_enctypes = des3-hmac-sha1
29 # permitted_enctypes = des3-hmac-sha1
31 allow_weak_crypto = <%= node['krb5']['libdefaults']['allow_weak_crypto'] %>
33 default_tgs_enctypes = node['krb5']['libdefaults']['default_tgs_enctypes']
34 if !default_tgs_enctypes.nil? && !default_tgs_enctypes.empty? then
36 default_tgs_enctypes = <%= default_tgs_enctypes %>
39 default_tkt_enctypes = node['krb5']['libdefaults']['default_tkt_enctypes']
40 if !default_tkt_enctypes.nil? && !default_tkt_enctypes.empty? then
42 default_tkt_enctypes = <%= default_tkt_enctypes %>
45 permitted_enctypes = node['krb5']['libdefaults']['permitted_enctypes']
46 if !permitted_enctypes.nil? && !permitted_enctypes.empty? then
48 permitted_enctypes = <%= permitted_enctypes %>
51 # The following libdefaults parameters are only for Heimdal Kerberos.
52 v4_instance_resolve = false
59 something = something-else
62 fcc-mit-ticketflags = true
66 node['krb5']['realms'].each do |name, configs|
70 configs.each do |key, value|
72 value.each do |kdc| %>
76 elsif key == 'admin_server' then
78 admin_server = <%= value %>
89 <% node['krb5']['domain_realms'].each do |domain_realm| %>
95 krb4_get_tickets = false