[kdcdefaults]
  kdc_ports = 88
  kdc_tcp_ports = 88

[realms]
  <%= kerberos_realm %> = {
    database_module = ldap.<%= kerberos_realm.downcase %>
    key_stash_file = /srv/kerberos/.k5.<%= kerberos_realm %>
    max_life = 24h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
    master_key_type = aes256-cts-hmac-sha1-96
    supported_enctypes = aes256-cts-hmac-sha1-96:normal
  }

[dbdefaults]
  ldap_kerberos_container_dn = "ou=system,<%= ldap_basedn %>"

[dbmodules]
  ldap.<%= kerberos_realm.downcase %> = {
    db_library = kldap
    ldap_kerberos_container_dn = ou=system,<%= ldap_basedn %>
    ldap_kdc_dn = "uid=krb5admin,ou=system,<%= ldap_basedn %>"
    ldap_kadmind_dn = "uid=krb5admin,ou=system,<%= ldap_basedn %>"
    ldap_service_password_file = "/srv/kerberos/.ldap.<%= kerberos_realm %>"
    ldap_servers = "<%= ldap_server.join(" ") %>"
  }