[libdefaults]
  default_realm = <%= kerberos_realm %>
  dns_lookup_realm = false
  dns_lookup_kdc = false
  ticket_lifetime = 24h
  forwardable = yes

[domain_realm]
  <%= kerberos_realm.downcase %> = <%= kerberos_realm %>
  .<%= kerberos_realm.downcase %> = <%= kerberos_realm %>

[realms]
  <%= kerberos_realm -%> = {
<% kerberos_kdc.each do |kdc| -%>
    kdc = <%= kdc %>
<% end -%>
    admin_server = <% if has_variable?('kerberos_kadmin') %><%= kerberos_kadmin %><% else %><%= kerberos_kdc[0] %><% end %>
<% if has_variable?('kerberos_kpasswd') -%>
    kpasswd_server = <%= kerberos_kpasswd %>
<% end -%>
  }

<% if kernel == 'Linux' -%>
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
<% end -%>