# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = MON.DOMAINE.FR
    dns_lookup_realm = false
    #dns_lookup_realm = true
    #dns_lookup_kdc = true

    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
    spake_preauth_groups = edwards25519
    #dns_canonicalize_hostname = fallback
    dns_canonicalize_hostname = true
    qualify_shortname = ""
    default_ccache_name = KEYRING:persistent:%{uid}
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
    udp_preference_limit = 0

[realms]

MON.DOMAINE.FR = {
    kdc     =   serveurad01.MON.DOMAINE.FR
    kdc     =   serveurad02.MON.DOMAINE.FR
    admin_server = serveurad01.MON.DOMAINE.FR
}

# EXAMPLE.COM = {
#     kdc = kerberos.example.com
#     admin_server = kerberos.example.com
# }

[domain_realm]
#.MON.DOMAINE.FR = MON.DOMAINE.FR
#MON.DOMAINE.FR = MON.DOMAINE.FR

# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM