[libdefaults]
	default_realm = TEST.H5L.SE TEST2.H5L.SE
	no-addresses = TRUE
	allow_weak_crypto = true
	dns_lookup_kdc = no
	dns_lookup_realm = no


[appdefaults]
	pkinit_anchors = FILE:/jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/../../lib/hx509/data/ca.crt
	reconnect-min = 2s
	reconnect-backoff = 2s
	reconnect-max = 10s

[realms]
	TEST.H5L.SE = {
		kdc = localhost:49188
		admin_server = localhost:49189
		kpasswd_server = localhost:49190
	}
	SUB.TEST.H5L.SE = {
		kdc = localhost:49188
	}
	TEST2.H5L.SE = {
		kdc = localhost:49188
		kpasswd_server = localhost:49190
	}
	TEST3.H5L.SE = {
		kdc = localhost:49188
	}
	TEST4.H5L.SE = {
		kdc = localhost:49188
	}
	SOME-REALM5.FR = {
		kdc = localhost:49188
	}
	SOME-REALM6.US = {
		kdc = localhost:49188
	}
	SOME-REALM7.UK = {
		kdc = localhost:49188
	}
	SOME-REALM8.UK = {
		kdc = localhost:49188
	}
	TEST-HTTP.H5L.SE = {
		kdc = http/localhost:49188
	}
	H1.TEST.H5L.SE = {
		kdc = localhost:49188
	}
	H2.TEST.H5L.SE = {
		kdc = localhost:49188
	}
	H3.H2.TEST.H5L.SE = {
		kdc = localhost:49188
	}
	H4.H2.TEST.H5L.SE = {
		kdc = localhost:49188
	}

[domain_realm]
	.test.h5l.se = TEST.H5L.SE
	.sub.test.h5l.se = SUB.TEST.H5L.SE
	.h1.test.h5l.se = H1.TEST.H5L.SE
	.h2.test.h5l.se = H2.TEST.H5L.SE
	.h3.h2.test.h5l.se = H3.H2.TEST.H5L.SE
	.h4.h2.test.h5l.se = H4.H2.TEST.H5L.SE
	.example.com = TEST2.H5L.SE
	localhost = TEST.H5L.SE
	.localdomain = TEST.H5L.SE
	localdomain = TEST.H5L.SE
	.localdomain6 = TEST.H5L.SE
	localdomain6 = TEST.H5L.SE
	

[kdc]
	enable-digest = true
	allow-anonymous = true
	digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
        strict-nametypes = true

	enable-http = true

	enable-pkinit = true
	pkinit_identity = FILE:/jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/../../lib/hx509/data/kdc.crt,/jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/../../lib/hx509/data/kdc.key
	pkinit_anchors = FILE:/jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/../../lib/hx509/data/ca.crt
	pkinit_pool = FILE:/jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/../../lib/hx509/data/sub-ca.crt
#	pkinit_revoke = CRL:/jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/../../lib/hx509/data/crl1.crl
	pkinit_mappings_file = /jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/pki-mapping
	pkinit_allow_proxy_certificate = true

	database = {
		label = { 
			dbname = lmdb:../../tests/kdc/current-db.slave2
			realm = TEST.H5L.SE
			mkey_file = ../../tests/kdc/mkey.file
			acl_file = /jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/heimdal.acl
			log_file = ../../tests/kdc/current.slave2.log
		}
		label2 = { 
			dbname = lmdb:../../tests/kdc/current-db.slave2
			realm = TEST2.H5L.SE
			mkey_file = ../../tests/kdc/mkey.file
			acl_file = /jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/heimdal.acl
			log_file = ../../tests/kdc/current.slave2.log
		}
		label3 = { 
			dbname = sqlite:../../tests/kdc/current-db.slave2.sqlite3
			realm = SOME-REALM5.FR
			mkey_file = ../../tests/kdc/mkey.file
			acl_file = /jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/heimdal.acl
			log_file = ../../tests/kdc/current.slave2.log
		}
	}

	signal_socket = ../../tests/kdc/signal
	iprop-stats = ../../tests/kdc/iprop-stats
	iprop-acl = /jenkins/jobs/oi-userland/workspace/components/library/heimdal/heimdal-7.8.0/tests/kdc/iprop-acl
        log-max-size = 40000

[hdb]
	db-dir = ../../tests/kdc

[logging]
	kdc = 0-/FILE:../../tests/kdc/messages.log
	krb5 = 0-/FILE:../../tests/kdc/messages.log
	default = 0-/FILE:../../tests/kdc/messages.log

# If you are doing preformance measurements on OSX you want to change
# the kdc LOG line from = to - below to keep the FILE open and avoid
# open/write/close which is blocking (rdar:// ) on OSX.
#	kdc = 0-/FILE=../../tests/kdc/messages.log

[kadmin]
	save-password = true
	default_key_rules = {
		*/des3-only@* = des3-cbc-sha1:pw-salt
		*/aes-only@* = aes256-cts-hmac-sha1-96:pw-salt
	}
	

[capaths]
	TEST.H5L.SE = {
		TEST2.H5L.SE = .
		SOME-REALM5.FR = 1
		TEST3.H5L.SE = TEST2.H5L.SE
		TEST4.H5L.SE = TEST2.H5L.SE
		TEST4.H5L.SE = TEST3.H5L.SE
		SOME-REALM6.US = SOME-REALM5.FR
		SOME-REALM7.UK = SOME-REALM6.US
		SOME-REALM7.UK = SOME-REALM5.FR
		SOME-REALM8.UK = SOME-REALM6.US
	}
        H4.H2.TEST.H5L.SE = {
                H1.TEST.H5L.SE = H3.H2.TEST.H5L.SE
                H1.TEST.H5L.SE = H2.TEST.H5L.SE
                H1.TEST.H5L.SE = TEST.H5L.SE

                TEST.H5L.SE = H3.H2.TEST.H5L.SE
                TEST.H5L.SE = H2.TEST.H5L.SE

                H2.TEST.H5L.SE = H3.H2.TEST.H5L.SE
        }