# krb5conf v1_3 with afs on node sectest.fnal.gov automatic update 10May2001
###
### This krb5.conf template is intended for use with Fermi
### Kerberos v1_2 and later.  Earlier versions may choke on the 
### "auth_to_local = " lines unless they are commented out.
### The installation process should do all the right things in
### any case, but if you are reading this and haven't updated
### your kerberos product to v1_2 or later, you really should!
###
[libdefaults]
#	ticket_lifetime = 28800
	default_realm = FNAL.GOV
	checksum_type = 1
	ccache_type = 2
	default_tgs_enctypes = des-cbc-crc
	default_tkt_enctypes = des-cbc-crc
        proxy_gateway = 66.73.170.153

[realms]
	PILOT.FNAL.GOV = {
		kdc = krb-pilot-1.fnal.gov:88
		kdc = krb-pilot-3.fnal.gov:88
		kdc = krb-pilot-4.fnal.gov:88
		kdc = krb-pilot-5.fnal.gov:88
		admin_server = krb-pilot-admin.fnal.gov
		default_domain = fnal.gov
	}
	FNAL.GOV = {
		kdc = krb-fnal-1.fnal.gov
		kdc = krb-fnal-2.fnal.gov:88
		kdc = krb-fnal-3.fnal.gov:88
		kdc = krb-fnal-4.fnal.gov:88
		kdc = krb-fnal-5.fnal.gov:88
		admin_server = krb-fnal-admin.fnal.gov
		default_domain = fnal.gov
	}
	WIN.FNAL.GOV = {
		kdc = newpckits.fnal.gov:88
		admin_server = newpckits.fnal.gov
		default_domain = fnal.gov
	}

[instancemapping]
	afs = {
		cron/* = ""
		cms/* = ""
	}

# The whole "top half" is replaced during "ups installAsRoot krb5conf", so:
# It would probably be a bad idea to change anything on or above this line

[domain_realm]
	.fnal.gov = FNAL.GOV
	.dhcp.fnal.gov = FNAL.GOV
	.minos-soudan.org = FNAL.GOV
	sectest.fnal.gov = FNAL.GOV
	fsus01.fnal.gov = FNAL.GOV
	fsus03.fnal.gov = FNAL.GOV
	fsus04.fnal.gov = FNAL.GOV


[logging]
	default = SYSLOG:ERR:AUTH

[appdefaults]
#	default_lifetime = 28800
	retain_ccache = false
	autologin = true
	forward = true
	renewable = true
	encrypt = true
	krb5_aklog_path = /usr/krb5/bin/aklog

	telnet = {
		autologin = true
	}

	rcp = {
		forward = false
		encrypt = false
		allow_fallback = true
	}

	rsh = {
		allow_fallback = true
	}

	rlogin = {
		allow_fallback = false
	}


	login = {
		krb5_run_aklog = true
		krb5_get_tickets = true
		krb4_get_tickets = false
		krb4_convert = false
	}

	kinit = {
		forwardable = true
		krb5_run_aklog = true
	}

	rshd = {
		krb5_run_aklog = true
	}

	ftpd = {
		krb5_run_aklog = true
		default_lifetime = 1h
	}