[libdefaults]
  default_realm = <%= @kerberos_realm %>
  dns_lookup_realm = false
<% if @kerberos_kdc.count == 0 -%>
  dns_lookup_kdc = true
<% else -%>
  dns_lookup_kdc = false
<% end -%>
  ticket_lifetime = 24h
  forwardable = yes
<% if @enctypes.count > 0 -%>
  default_tgs_enctypes = <%= @enctypes.join(' ') %>
  default_tkt_enctypes = <%= @enctypes.join(' ') %>
<% end -%>

[domain_realm]
  <%= @kerberos_realm.downcase %> = <%= @kerberos_realm %>
  .<%= @kerberos_realm.downcase %> = <%= @kerberos_realm %>

[realms]
  <%= @kerberos_realm -%> = {
<% @kerberos_kdc.each do |kdc| -%>
    kdc = <%= kdc %>
<% end -%>
<% if @kerberos_kadmin -%>
    admin_server = <%= @kerberos_kadmin %>
<% end -%>
<% if @kerberos_kpasswd -%>
    kpasswd_server = <%= @kerberos_kpasswd %>
<% end -%>
  }

<% if @kernel == 'Linux' -%>
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
<% end -%>