From 2a918c8a2a735544eeb867687adf3c91c229af49 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 29 Dec 2010 04:31:17 +0100 Subject: Import packaging. --- debian/extras/default | 17 +++++ debian/extras/kadmind.acl | 1 + debian/extras/kdc.conf | 188 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 206 insertions(+) create mode 100644 debian/extras/default create mode 100644 debian/extras/kadmind.acl create mode 100644 debian/extras/kdc.conf (limited to 'debian/extras') diff --git a/debian/extras/default b/debian/extras/default new file mode 100644 index 000000000..6ed54f390 --- /dev/null +++ b/debian/extras/default @@ -0,0 +1,17 @@ +# Do we start the KDC? +KDC_ENABLED=yes +KDC_PARAMS="--config-file=/etc/heimdal-kdc/kdc.conf" + +# the kpasswdd? +KPASSWDD_ENABLED=yes +KPASSWDD_PARAMS="" + +# kprop master? +MASTER_ENABLED=no + +# How about the kprop slave? +SLAVE_ENABLED=no + +# Add at least your master server name here when using iprop-replication +# otherwise it would fail silently. +SLAVE_PARAMS="" diff --git a/debian/extras/kadmind.acl b/debian/extras/kadmind.acl new file mode 100644 index 000000000..e5da87fb5 --- /dev/null +++ b/debian/extras/kadmind.acl @@ -0,0 +1 @@ +#principal [priv1,priv2,...] [glob-pattern] diff --git a/debian/extras/kdc.conf b/debian/extras/kdc.conf new file mode 100644 index 000000000..4464d8b3c --- /dev/null +++ b/debian/extras/kdc.conf @@ -0,0 +1,188 @@ +[logging] +# Specifies that entity should use the specified +# destination for logging. See the krb5_openlog(3) +# manual page for a list of defined destinations. +# +kdc = FILE:/var/log/heimdal-kdc.log +# +# syslog also supported: +# +# kdc = SYSLOG:INFO + +[kdc] + +# database = { +# +# dbname = DATABASENAME +# Use this database for this realm. See +# the info documetation how to configure +# diffrent database backends. +# +# realm = REALM +# Specifies the realm that will be stored +# in this database. It realm isn't set, +# it will used as the default database, +# there can only be one entry that doesn't +# have a realm stanza. +# +# mkey_file = FILENAME +# Use this keytab file for the master key +# of this database. If not specified +# DATABASENAME.mkey will be used. +# +# acl_file = PA FILENAME +# Use this file for the ACL list of this +# database. +# +# log_file = FILENAME +# Use this file as the log of changes per- +# formed to the database. This file is +# used by ipropd-master for propagating +# changes to slaves. +# +# } + +database = { + dbname = /var/lib/heimdal-kdc/heimdal + acl_file = /etc/heimdal-kdc/kadmind.acl +} + +# Maximum size of a kdc request. +# +# max-request = SIZE + +# If set pre-authentication is required. Since krb4 +# requests are not pre-authenticated they will be +# rejected. +# +# require-preauth = BOOL + +# List of ports the kdc should listen to. +# +# ports = list of ports + +# List of addresses the kdc should bind to. +# +# addresses = list of interfaces + +# Should the kdc answer kdc-requests over http. +# +# enable-http = BOOL + +# If this kdc should emulate the AFS kaserver. +# +# enable-kaserver = BOOL + +# Verify the addresses in the tickets used in tgs +# requests. +# +# check-ticket-addresses = BOOL + +# Allow address-less tickets. +# +# allow-null-ticket-addresses = BOOL + +# If the kdc is allowed to hand out anonymous tick- +# ets. +# +# allow-anonymous = BOOL + +# Encode as-rep as tgs-rep tobe compatible with mis- +# takes older DCE secd did. +# encode_as_rep_as_tgs_rep = BOOL + +# The time before expiration that the user should be +# warned that her password is about to expire. +# +# kdc_warn_pwexpire = TIME + +# What type of logging the kdc should use, see also +# [logging]/kdc. +# +# logging = Logging + +# use_2b = { +# +# principal = BOOL +# boolean value if the 524 daemon should +# return AFS 2b tokens for principal. +# +# ... +# +# } + +# If the LDAP backend is used for storing principals, +# this is the structural object that will be used +# when creating and when reading objects. The +# default value is account . +# +# hdb-ldap-structural-object structural object + +# is the dn that will be appended to the principal +# when creating entries. Default value is the search +# dn. +# +# hdb-ldap-create-base creation dn + +[kadmin] + +# If pre-authentication is required to talk to the +# kadmin server. +# +# require-preauth = BOOL + +# If a principal already have its password set for +# expiration, this is the time it will be valid for +# after a change. +# +# password_lifetime = time + +# For each entry in default_keys try to parse it as a +# sequence of etype:salttype:salt syntax of this if +# something like: +# +# [(des|des3|etype):](pw-salt|afs3-salt)[:string] +# +# If etype is omitted it means everything, and if +# string is omitted it means the default salt string +# (for that principal and encryption type). Addi- +# tional special values of keytypes are: +# +# v5 The Kerberos 5 salt pw-salt +# +# v4 The Kerberos 4 salt des:pw-salt: +# +# default_keys = keytypes... + +# When true, this is the same as +# +# default_keys = des3:pw-salt v4 +# +# and is only left for backwards compatibility. +# use_v4_salt = BOOL + +[password-quality] +# Check the Password quality assurance in the info documentation +# for more information. + +# Library name that contains the password check_func- +# tion +# +# check_library = library-name + +# Function name for checking passwords in +# check_library +# +# check_function = function-name + +# List of libraries that can do password policy +# checks +# +# policy_libraries = library1 ... libraryN + +# List of policy names to apply to the password. +# Builtin policies are among other minimum-length, +# character-class, external-check. +# +# policies = policy1 ... policyN + -- cgit v1.2.3