------------------------------------------------- --- /etc/krb5.conf-deb 2009-03-04 14:48:37.000000000 +0100 +++ /etc/krb5.conf 2009-03-04 14:51:23.000000000 +0100 @@ -1,5 +1,5 @@ [libdefaults] - default_realm = ATHENA.MIT.EDU + default_realm = CERN.CH # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf @@ -9,6 +9,10 @@ forwardable = true proxiable = true +# ticket_lifetime = 25h +# renew_lifetime = 120h + + # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new @@ -112,6 +116,33 @@ admin_server = krb5-admin.stanford.edu default_domain = stanford.edu } + CERN.CH = { + default_domain = cern.ch + kpasswd_server = afskrb5m.cern.ch + admin_server = afskrb5m.cern.ch + kdc = afsdb2.cern.ch + kdc = afsdb3.cern.ch + kdc = afsdb1.cern.ch + + v4_name_convert = { + host = { + rcmd = host + } + } + } +; the external institutes info is completely static for now and comes +; straight from the NCM template + FNAL.GOV = { + default_domain = fnal.gov + admin_server = krb-fnal-admin.fnal.gov + kdc = krb-fnal-1.fnal.gov:88 + kdc = krb-fnal-2.fnal.gov:88 + kdc = krb-fnal-3.fnal.gov:88 + } + KFKI.HU = { + kdc = kerberos.kfki.hu + admin_server = kerberos.kfki.hu + } [domain_realm] .mit.edu = ATHENA.MIT.EDU @@ -124,6 +155,9 @@ whoi.edu = ATHENA.MIT.EDU .stanford.edu = stanford.edu .slac.stanford.edu = SLAC.STANFORD.EDU + .cern.ch = CERN.CH + .fnal.gov = FNAL.GOV + .kfki.hu = KFKI.HU [login] krb4_convert = true