# /etc/krb5.conf -- Kerberos V5 general configuration. # $Id$ # # This is the Computer Science Department default Kerberos v5 configuration # file. The official copy is in the CSD subversion repository, at # file:///afs/cs.stanford.edu/dept/svn/puppet/modules/kerberos/files/krb5.conf # # This configuration allows any enctypes. Some systems with really old # Kerberos software may have to limit to triple-DES and DES. # vim: ts=3 sts=3 sw=3 softtabstop=3 [appdefaults] default_lifetime = 3d krb4_convert = false krb4_convert_524 = false ksu = { forwardable = false } pam = { debug = false search_k5login = true afs_cells = cs.stanford.edu forwardable = true } kinit = { krb_run_aklog = true krb4_convert = false } libkafs = { IR.STANFORD.EDU = { afs-use-524 = no } } lpd = { default_domain = stanford.edu } wallet = { wallet_server = wallet.stanford.edu } [libdefaults] default_realm = CS.STANFORD.EDU ticket_lifetime = 3d renew_lifetime = 30d forwardable = true noaddresses = true allow_weak_crypto = true [realms] stanford.edu = { kdc = krb5auth1.stanford.edu:88 kdc = krb5auth2.stanford.edu:88 kdc = krb5auth3.stanford.edu:88 master_kdc = krb5auth1.stanford.edu:88 admin_server = krb5-admin.stanford.edu default_domain = stanford.edu kadmind_port = 749 } WIN.STANFORD.EDU = { kdc = mothra.win.stanford.edu:88 kdc = rodan.win.stanford.edu:88 kpasswd_server = mothra.win.stanford.edu } MS.STANFORD.EDU = { kdc = msdc0.ms.stanford.edu:88 kdc = msdc1.ms.stanford.edu:88 kpasswd_server = msdc0.ms.stanford.edu } NT.STANFORD.EDU = { kdc = ntdc2.nt.stanford.edu:88 kdc = ntdc3.nt.stanford.edu:88 kpasswd_server = ntdc2.nt.stanford.edu } CS.STANFORD.EDU = { kdc = kdc1.cs.stanford.edu:88 kdc = kdc2.cs.stanford.edu:88 kdc = kdc3.cs.stanford.edu:88 master_kdc = kdc1.cs.stanford.edu:88 admin_server = kdc1.cs.stanford.edu:749 } SLAC.STANFORD.EDU = { kdc = k5auth1.slac.stanford.edu:88 kdc = k5auth2.slac.stanford.edu:88 kdc = k5auth3.slac.stanford.edu:88 admin_server = k5admin.slac.stanford.edu kpasswd_server = k5passwd.slac.stanford.edu default_domain = slac.stanford.edu } WIN.SLAC.STANFORD.EDU = { kdc = winmaster2.win.slac.stanford.edu default_domain = win.slac.stanford.edu } GUEST.STANFORD.EDU = { kdc = guestdc0.guest.stanford.edu:88 kdc = guestdc1.guest.stanford.edu:88 kpasswd_server = guestdc0.guest.stanford.edu default_domain = guest.stanford.edu } GUESTUAT.STANFORD.EDU = { kdc = guestuatdc0.guestuat.stanford.edu:88 kdc = guestuatdc1.guestuat.stanford.edu:88 kpasswd_server = guestuatdc0.guestuat.stanford.edu default_domain = guestuat.stanford.edu } ATHENA.MIT.EDU = { kdc = kerberos.mit.edu:88 kdc = kerberos-1.mit.edu:88 kdc = kerberos-2.mit.edu:88 kdc = kerberos-3.mit.edu:88 admin_server = kerberos.mit.edu default_domain = mit.edu } ISC.ORG = { kdc = k1.isc.org:88 kdc = k2.isc.org:88 admin_server = k1.isc.org:749 default_domain = isc.org } OPENLDAP.ORG = { kdc = kerberos.openldap.org default_domain = openldap.org } SUCHDAMAGE.ORG = { kdc = kerberos.suchdamage.org:88 admin_server = kerberos.suchdamage.org:749 default_domain = suchdamage.org } VIX.COM = { kdc = kerberos-0.vix.com:88 kdc = kerberos-1.vix.com:88 kdc = kerberos-2.vix.com:88 admin_server = kerberos-0.vix.com:749 default_domain = vix.com } ZEPA.NET = { kdc = kerberos.zepa.net kdc = kerberos-too.zepa.net admin_server = kerberos.zepa.net } [domain_realm] .stanford.edu = CS.STANFORD.EDU cs.stanford.edu = CS.STANFORD.EDU .dc.stanford.org = stanford.edu .sunet = stanford.edu .eyrie.org = stanford.edu .killfile.org = stanford.edu .lpch.net = stanford.edu .lpch.org = stanford.edu .oit.duke.edu = stanford.edu win.stanford.edu = WIN.STANFORD.EDU .win.stanford.edu = WIN.STANFORD.EDU daper.stanford.edu = IT.WIN.STANFORD.EDU gsbworkspace.stanford.edu = IT.WIN.STANFORD.EDU infraappprod.stanford.edu = IT.WIN.STANFORD.EDU radmed.stanford.edu = IT.WIN.STANFORD.EDU windows-new.stanford.edu = IT.WIN.STANFORD.EDU windows.stanford.edu = IT.WIN.STANFORD.EDU workspace.stanford.edu = IT.WIN.STANFORD.EDU ms.stanford.edu = MS.STANFORD.EDU .ms.stanford.edu = MS.STANFORD.EDU nt.stanford.edu = NT.STANFORD.EDU .nt.stanford.edu = NT.STANFORD.EDU guest.stanford.edu = GUEST.STANFORD.EDU .guest.stanford.edu = GUEST.STANFORD.EDU guest-mgmt.stanford.edu = GUEST.STANFORD.EDU guestidmweb.stanford.edu = GUEST.STANFORD.EDU guestuat.stanford.edu = GUESTUAT.STANFORD.EDU .guestuat.stanford.edu = GUESTUAT.STANFORD.EDU guestuat-mgmt.stanford.edu = GUESTUAT.STANFORD.EDU guestuatidmweb.stanford.edu = GUESTUAT.STANFORD.EDU .slac.stanford.edu = SLAC.STANFORD.EDU .isc.org = ISC.ORG mit.edu = ATHENA.MIT.EDU .mit.edu = ATHENA.MIT.EDU openldap.org = OPENLDAP.ORG .openldap.org = OPENLDAP.ORG whoi.edu = ATHENA.MIT.EDU .whoi.edu = ATHENA.MIT.EDU .vix.com = VIX.COM zepa.net = ZEPA.NET .zepa.net = ZEPA.NET ldap-lb.stanford.edu = stanford.edu ldap.stanford.edu = stanford.edu ldap1.stanford.edu = stanford.edu ldap2.stanford.edu = stanford.edu ldap3.stanford.edu = stanford.edu ldap4.stanford.edu = stanford.edu ldap5.stanford.edu = stanford.edu ldap6.stanford.edu = stanford.edu [logging] kdc = SYSLOG:NOTICE admin_server = SYSLOG:NOTICE default = SYSLOG:NOTICE