krb5.conf

; AD  : This Kerberos configuration is for CERN's Active Directory realm
; The line above this is magic and is used by cern-config-keytab. Do
; not remove.

; Installed with puppet from a series of
; template fragments.

; /etc/krb5.conf

[libdefaults]
 default_realm = CERN.CH
 ticket_lifetime = 25h
 renew_lifetime = 120h
 forwardable = true 
 proxiable = true
 default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
 chpw_prompt = true
 allow_weak_crypto = true
 

[appdefaults]
pam = {
         external = true
         krb4_convert = false
         krb4_convert_524 = false
         krb4_use_as_req = false
}

[domain_realm]
.cern.ch = CERN.CH
.fnal.gov = FNAL.GOV
.hep.man.ac.uk = HEP.MAN.AC.UK
.in2p3.fr = IN2P3.FR
# No default domain for KFKI.HU specified.

[realms]
# Start of puppet output for CERN.CH
 CERN.CH  = {
  default_domain = cern.ch
  kpasswd_server = cerndc.cern.ch
  admin_server = cerndc.cern.ch
   kdc = cerndc.cern.ch
    v4_name_convert = {
     host = {
        rcmd = host
     }
   }
 }


# Start of puppet output for FNAL.GOV
 FNAL.GOV  = {
  default_domain = fnal.gov
  admin_server = krb-fnal-admin.fnal.gov
   kdc = krb-fnal-1.fnal.gov:88
   kdc = krb-fnal-2.fnal.gov:88
   kdc = krb-fnal-3.fnal.gov:88
 }


# Start of puppet output for HEP.MAN.AC.UK
 HEP.MAN.AC.UK  = {
  default_domain = hep.man.ac.uk
  kpasswd_server = afs4.hep.man.ac.uk
  admin_server = afs4.hep.man.ac.uk
   kdc = afs1.hep.man.ac.uk
   kdc = afs2.hep.man.ac.uk
   kdc = afs3.hep.man.ac.uk
   kdc = afs4.hep.man.ac.uk
 }


# Start of puppet output for IN2P3.FR
 IN2P3.FR  = {
  default_domain = in2p3.fr
  kpasswd_server = kerberos-admin.in2p3.fr
  admin_server = kerberos-admin.in2p3.fr
   kdc = kerberos-1.in2p3.fr
   kdc = kerberos-2.in2p3.fr
   kdc = kerberos-3.in2p3.fr
 }


# Start of puppet output for KFKI.HU
 KFKI.HU  = {
  admin_server = kerberos.kfki.hu
   kdc = kerberos.hkfi.hu
 }