Diffstat (limited to 'source/n/krb5/conf')
-rw-r--r-- | source/n/krb5/conf/kadmind | 2 | ||||
-rw-r--r-- | source/n/krb5/conf/kdc.conf.example | 35 | ||||
-rw-r--r-- | source/n/krb5/conf/kpropd | 2 | ||||
-rw-r--r-- | source/n/krb5/conf/krb5.conf.example | 29 | ||||
-rw-r--r-- | source/n/krb5/conf/krb5kdc | 2 | ||||
-rw-r--r-- | source/n/krb5/conf/rc.kadmind | 40 | ||||
-rw-r--r-- | source/n/krb5/conf/rc.kpropd | 41 | ||||
-rw-r--r-- | source/n/krb5/conf/rc.krb5kdc | 41 |
8 files changed, 192 insertions, 0 deletions
diff --git a/source/n/krb5/conf/kadmind b/source/n/krb5/conf/kadmind
new file mode 100644
index 00000000..5913ac12
--- /dev/null
+++ b/source/n/krb5/conf/kadmind
@@ -0,0 +1,2 @@
+# To set additional options for kadmind, add them in the variable below:
+KADMIND_OPTIONS=""
diff --git a/source/n/krb5/conf/kdc.conf.example b/source/n/krb5/conf/kdc.conf.example
new file mode 100644
index 00000000..1c7cc3a9
--- /dev/null
+++ b/source/n/krb5/conf/kdc.conf.example
@@ -0,0 +1,35 @@
+[kdcdefaults]
+ kdc_listen = 88
+ kdc_tcp_listen = 88
+
+[realms]
+ ATHENA.MIT.EDU = {
+ kadmind_port = 749
+ max_life = 12h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = aes256-cts-hmac-sha1-96
+ supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal
+ database_module = openldap_ldapconf
+ }
+
+[logging]
+ kdc = FILE:/var/kerberos/krb5kdc/kdc.log
+ admin_server = FILE:/var/kerberos/krb5kdc/kadmin.log
+
+[dbdefaults]
+ ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu
+
+[dbmodules]
+ openldap_ldapconf = {
+ db_library = kldap
+ disable_last_success = true
+ ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu"
+ # this object needs to have read rights on
+ # the realm container and principal subtrees
+ ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu"
+ # this object needs to have read and write rights on
+ # the realm container and principal subtrees
+ ldap_service_password_file = /etc/kerberos/service.keyfile
+ ldap_servers = ldaps://kerberos.mit.edu
+ ldap_conns_per_server = 5
+ }
diff --git a/source/n/krb5/conf/kpropd b/source/n/krb5/conf/kpropd
new file mode 100644
index 00000000..cc65d10b
--- /dev/null
+++ b/source/n/krb5/conf/kpropd
@@ -0,0 +1,2 @@
+# To set additional options for kpropd, add them in the variable below:
+KPROPD_OPTIONS=""
diff --git a/source/n/krb5/conf/krb5.conf.example b/source/n/krb5/conf/krb5.conf.example
new file mode 100644
index 00000000..705e7cf3
--- /dev/null
+++ b/source/n/krb5/conf/krb5.conf.example
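Review bot: In the `[dbmodules]` block, `ldap_kdc_dn` and `ldap_kadmind_dn` are both set to `"cn=krbadmin,dc=mit,dc=edu"`, while the comments under each one document different privilege levels (read-only for the KDC, read-write for kadmind); with a shared identity the KDC's bind carries write rights it does not need. The example would teach least privilege better with a separate read-only object for the KDC, e.g. `ldap_kdc_dn = "cn=krbkdc,dc=mit,dc=edu"` (name illustrative), leaving the read-write DN to kadmind only. Since `ldap_service_password_file = /etc/kerberos/service.keyfile` is presumably where the bind secrets for those DNs are stashed, a comment above it such as `# keep this file owned by root, mode 0600` would make the deployment requirement explicit in the example.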
@@ -0,0 +1,29 @@
+[libdefaults]
+ default_realm = ATHENA.MIT.EDU
+ dns_lookup_kdc = true
+ dns_lookup_realm = false
+
+[realms]
+ ATHENA.MIT.EDU = {
+ kdc = kerberos.mit.edu
+ kdc = kerberos-1.mit.edu
+ kdc = kerberos-2.mit.edu
+ admin_server = kerberos.mit.edu
+ master_kdc = kerberos.mit.edu
+ }
+ EXAMPLE.COM = {
+ kdc = kerberos.example.com
+ kdc = kerberos-1.example.com
+ admin_server = kerberos.example.com
+ }
+
+[domain_realm]
+ mit.edu = ATHENA.MIT.EDU
+
+[capaths]
+ ATHENA.MIT.EDU = {
+ EXAMPLE.COM = .
+ }
+ EXAMPLE.COM = {
+ ATHENA.MIT.EDU = .
+ }
diff --git a/source/n/krb5/conf/krb5kdc b/source/n/krb5/conf/krb5kdc
new file mode 100644
index 00000000..6679d1b8
--- /dev/null
+++ b/source/n/krb5/conf/krb5kdc
@@ -0,0 +1,2 @@
+# To set additional options for krb5kdc, add them in the variable below:
+KRB5KDC_OPTIONS=""
diff --git a/source/n/krb5/conf/rc.kadmind b/source/n/krb5/conf/rc.kadmind
new file mode 100644
index 00000000..2f838a7c
--- /dev/null
+++ b/source/n/krb5/conf/rc.kadmind
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Start the Kerberos administration server. This typically runs on the
+# master Kerberos server, which stores the KDC database.
+
+# To change the default options, edit /etc/default/kadmind.
+if [ -r /etc/default/kadmind ]; then
+ . /etc/default/kadmind
+fi
+
+start_atd() {
+ if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/kadmind" 1> /dev/null 2> /dev/null ; then
+ echo "Starting kadmind: /usr/sbin/kadmind $KADMIND_OPTIONS"
+ /usr/sbin/kadmind $KADMIND_OPTIONS
+ fi
+}
+
+stop_atd() {
+ echo "Stopping kadmind."
+ /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/kadmind" 2> /dev/null
+}
+
+restart_atd() {
+ stop_atd
+ sleep 1
+ start_atd
+}
+
+case "$1" in
+'start')
+ start_atd
+ ;;
+'stop')
+ stop_atd
+ ;;
+'restart')
+ restart_atd
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/krb5/conf/rc.kpropd b/source/n/krb5/conf/rc.kpropd
new file mode 100644
index 00000000..8dde85d8
--- /dev/null
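Review bot: The `[domain_realm]` section carries only `mit.edu = ATHENA.MIT.EDU`, and in krb5.conf a tag without a leading dot names one exact host, so this maps just the host `mit.edu` and not the hosts beneath it; with `dns_lookup_realm = false` set above, hosts such as `kerberos-1.mit.edu` would presumably fall through to the library's default realm heuristic rather than `ATHENA.MIT.EDU`. Adding the dotted form alongside it, `.mit.edu = ATHENA.MIT.EDU`, gives the example the usual pair and makes the mapping cover the realm's hosts. The same applies if `EXAMPLE.COM` is meant to be mapped here, since it has no `[domain_realm]` entry at all.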
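Review bot: The default arm of the `case` at the end of rc.kadmind prints the usage line to stdout and then lets the script exit 0, so a typo in the action is reported as success to whatever invoked it; changing those two lines to `echo "usage $0 start|stop|restart" >&2` and `exit 1` makes a bad argument visible to callers. The same arm, and the point below, appear identically in rc.kpropd and rc.krb5kdc. The functions are named `start_atd`/`stop_atd`/`restart_atd` although they manage kadmind, which reads as a leftover from another rc script; `start_kadmind` and friends would make the file self-describing. Because `. /etc/default/kadmind` executes that file as root, a comment on the `if [ -r ... ]` line noting that it must stay root-owned and not group- or world-writable would document the trust this script places in it.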
+++ b/source/n/krb5/conf/rc.kpropd
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Start the Kerberos V5 slave KDC update server. This runs on a slave
+# (secondary) KDC server. It allows the master Kerberos server to use
+# kprop(8) to propagate its database to the slave servers.
+
+# To change the default options, edit /etc/default/kpropd.
+if [ -r /etc/default/kpropd ]; then
+ . /etc/default/kpropd
+fi
+
+start_atd() {
+ if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/kpropd" 1> /dev/null 2> /dev/null ; then
+ echo "Starting kpropd: /usr/sbin/kpropd $KPROPD_OPTIONS"
+ /usr/sbin/kpropd $KPROPD_OPTIONS
+ fi
+}
+
+stop_atd() {
+ echo "Stopping kpropd."
+ /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/kpropd" 2> /dev/null
+}
+
+restart_atd() {
+ stop_atd
+ sleep 1
+ start_atd
+}
+
+case "$1" in
+'start')
+ start_atd
+ ;;
+'stop')
+ stop_atd
+ ;;
+'restart')
+ restart_atd
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/krb5/conf/rc.krb5kdc b/source/n/krb5/conf/rc.krb5kdc
new file mode 100644
index 00000000..5e9baef1
--- /dev/null
+++ b/source/n/krb5/conf/rc.krb5kdc
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Start krb5kdc, which is the Kerberos version 5 Authentication Service
+# and Key Distribution Center (AS/KDC). This needs to run first on both
+# master and secondary KDCs.
+
+# To change the default options, edit /etc/default/krb5kdc.
+if [ -r /etc/default/krb5kdc ]; then
+ . /etc/default/krb5kdc
+fi
+
+start_atd() {
+ if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/krb5kdc" 1> /dev/null 2> /dev/null ; then
+ echo "Starting krb5kdc: /usr/sbin/krb5kdc $KRB5KDC_OPTIONS"
+ /usr/sbin/krb5kdc $KRB5KDC_OPTIONS
+ fi
+}
+
+stop_atd() {
+ echo "Stopping krb5kdc."
+ /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/krb5kdc" 2> /dev/null
+}
+
+restart_atd() {
+ stop_atd
+ sleep 1
+ start_atd
+}
+
+case "$1" in
+'start')
+ start_atd
+ ;;
+'stop')
+ stop_atd
+ ;;
+'restart')
+ restart_atd
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac |