Import packaging.

3 files changed, 206 insertions, 0 deletions

diff --git a/debian/extras/default b/debian/extras/default
new file mode 100644
index 000000000..6ed54f390
--- /dev/null
+++ b/debian/extras/default
@@ -0,0 +1,17 @@
+# Do we start the KDC?
+KDC_ENABLED=yes
+KDC_PARAMS="--config-file=/etc/heimdal-kdc/kdc.conf"
+
+# the kpasswdd?
+KPASSWDD_ENABLED=yes
+KPASSWDD_PARAMS=""
+
+# kprop master?
+MASTER_ENABLED=no
+
+# How about the kprop slave?
+SLAVE_ENABLED=no
+
+# Add at least your master server name here when using iprop-replication
+# otherwise it would fail silently.
+SLAVE_PARAMS=""
diff --git a/debian/extras/kadmind.acl b/debian/extras/kadmind.acl
new file mode 100644
index 000000000..e5da87fb5
--- /dev/null
+++ b/debian/extras/kadmind.acl
@@ -0,0 +1 @@
+#principal       [priv1,priv2,...]       [glob-pattern]
diff --git a/debian/extras/kdc.conf b/debian/extras/kdc.conf
new file mode 100644
index 000000000..4464d8b3c
--- /dev/null
+++ b/debian/extras/kdc.conf
@@ -0,0 +1,188 @@
+[logging]
+# Specifies that entity should use the specified
+# destination for logging.  See the krb5_openlog(3)
+# manual page for a list of defined destinations.
+#
+kdc = FILE:/var/log/heimdal-kdc.log
+#
+# syslog also supported:
+#
+# kdc = SYSLOG:INFO
+
+[kdc]
+
+# database = {
+#
+#  dbname = DATABASENAME
+#       Use this database for this realm.  See
+#       the info documetation how to configure
+#       diffrent database backends.
+#
+#  realm = REALM
+#       Specifies the realm that will be stored
+#       in this database.  It realm isn't set,
+#       it will used as the default database,
+#       there can only be one entry that doesn't
+#       have a realm stanza.
+#
+#  mkey_file = FILENAME
+#       Use this keytab file for the master key
+#       of this database.  If not specified
+#       DATABASENAME.mkey will be used.
+#
+#  acl_file = PA FILENAME
+#       Use this file for the ACL list of this
+#       database.
+#
+#  log_file = FILENAME
+#       Use this file as the log of changes per-
+#       formed to the database.  This file is
+#       used by ipropd-master for propagating
+#       changes to slaves.
+#
+# }
+
+database = {
+  dbname = /var/lib/heimdal-kdc/heimdal
+  acl_file = /etc/heimdal-kdc/kadmind.acl
+}
+
+# Maximum size of a kdc request.
+#
+# max-request = SIZE
+
+# If set pre-authentication is required.  Since krb4
+# requests are not pre-authenticated they will be
+# rejected.
+#
+# require-preauth = BOOL
+
+# List of ports the kdc should listen to.
+#
+# ports = list of ports
+
+# List of addresses the kdc should bind to.
+#
+# addresses = list of interfaces
+
+# Should the kdc answer kdc-requests over http.
+#
+# enable-http = BOOL
+
+# If this kdc should emulate the AFS kaserver.
+#
+# enable-kaserver = BOOL
+
+# Verify the addresses in the tickets used in tgs
+# requests.
+#
+# check-ticket-addresses = BOOL
+
+# Allow address-less tickets.
+#
+# allow-null-ticket-addresses = BOOL
+
+# If the kdc is allowed to hand out anonymous tick-
+# ets.
+#
+# allow-anonymous = BOOL
+
+# Encode as-rep as tgs-rep tobe compatible with mis-
+# takes older DCE secd did.
+# encode_as_rep_as_tgs_rep = BOOL
+
+# The time before expiration that the user should be
+# warned that her password is about to expire.
+#
+# kdc_warn_pwexpire = TIME
+
+# What type of logging the kdc should use, see also
+# [logging]/kdc.
+#
+# logging = Logging
+
+# use_2b = {
+#
+#  principal = BOOL
+#       boolean value if the 524 daemon should
+#       return AFS 2b tokens for principal.
+#
+#  ...
+#
+# }
+
+# If the LDAP backend is used for storing principals,
+# this is the structural object that will be used
+# when creating and when reading objects.  The
+# default value is account .
+#
+# hdb-ldap-structural-object structural object
+
+# is the dn that will be appended to the principal
+# when creating entries.  Default value is the search
+# dn.
+#
+# hdb-ldap-create-base creation dn
+
+[kadmin]
+
+# If pre-authentication is required to talk to the
+# kadmin server.
+#
+# require-preauth = BOOL
+
+# If a principal already have its password set for
+# expiration, this is the time it will be valid for
+# after a change.
+#
+# password_lifetime = time
+
+# For each entry in default_keys try to parse it as a
+# sequence of etype:salttype:salt syntax of this if
+# something like:
+#
+# [(des|des3|etype):](pw-salt|afs3-salt)[:string]
+#
+# If etype is omitted it means everything, and if
+# string is omitted it means the default salt string
+# (for that principal and encryption type).  Addi-
+# tional special values of keytypes are:
+#
+#  v5   The Kerberos 5 salt pw-salt
+#
+#  v4   The Kerberos 4 salt des:pw-salt:
+#
+# default_keys = keytypes...
+
+# When true, this is the same as
+# 
+# default_keys = des3:pw-salt v4
+# 
+# and is only left for backwards compatibility.
+# use_v4_salt = BOOL
+
+[password-quality]
+# Check the Password quality assurance in the info documentation
+# for more information.
+
+# Library name that contains the password check_func-
+# tion
+#
+# check_library = library-name
+
+# Function name for checking passwords in
+# check_library
+#
+# check_function = function-name
+
+# List of libraries that can do password policy
+# checks
+#
+# policy_libraries = library1 ... libraryN
+
+# List of policy names to apply to the password.
+# Builtin policies are among other minimum-length,
+# character-class, external-check.
+#
+# policies = policy1 ... policyN
+