24 lines
943 B
Django/Jinja
24 lines
943 B
Django/Jinja
[libdefaults]
|
|
default_realm = {{ kerberos_realm }}
|
|
|
|
[realms]
|
|
{{ kerberos_realm }} = {
|
|
database_module = ldap.{{ kerberos_realm|lower() }}
|
|
key_stash_file = "/var/kerberos/krb5kdc/.k5.{{ kerberos_realm }}"
|
|
max_lifetime = 24h 0m 0s
|
|
max_renewable_life = 7d 0h 0m 0s
|
|
master_key_type = aes256-cts-hmac-sha1-96
|
|
supported_enctypes = aes256-cts-hmac-sha1-96:normal
|
|
}
|
|
|
|
[dbmodules]
|
|
ldap.{{ kerberos_realm|lower() }} = {
|
|
db_library = kldap
|
|
disable_last_success = true
|
|
disable_lockout = true
|
|
ldap_kerberos_container_dn = "ou=System,{{ ldap_basedn }}"
|
|
ldap_kdc_dn = "uid=krb5kdc,cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}"
|
|
ldap_kadmind_dn = "uid=krb5kadmin,cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}"
|
|
ldap_service_password_file = "/var/kerberos/krb5kdc/.k5.ldap.{{ kerberos_realm|lower() }}"
|
|
ldap_servers = "{% for item in ldap_server %}ldaps://{{ item }} {% endfor %}"
|
|
}
|