[libdefaults]
	forwardable = true
	ticket_lifetime = 36000
	default_realm = PHYSTO.SE
	default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
	default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
        login_logout_notification = "aklog"
	noaddresses = true
# Windows
        default_etypes = des-cbc-crc
	default_etypes_des = des-cbc-crc

[realms]
	PHYSTO.SE = {
		  kdc = kerberos.physto.se:88
		  kdc = kerberos-1.physto.se:88
		  kdc = kerberos-2.physto.se:88
		  admin_server = kerberos.physto.se:749
		  kpasswd_server = kerberos.physto.se:464
		  default_domain = physto.se
	}
        SU.SE = {
	        kdc = kdc-master.su.se
                kdc = kdc.su.se
                admin_server = kerberos.su.se
        }
        ASTRO.SU.SE = {
                kdc = kerberos.astro.su.se
                kdc = kerberos-1.astro.su.se
                kdc = kerberos-2.astro.su.se
                admin_server = kerberos.astro.su.se
        }
        FNAL.GOV = {
                kdc =  krb-fnal-1.fnal.gov:88
                kdc =  krb-fnal-2.fnal.gov:88
                kdc =  krb-fnal-3.fnal.gov:88
                kdc =  krb-fnal-4.fnal.gov:88
                kdc =  krb-fnal-5.fnal.gov:88
                kdc =  krb-fnal-6.fnal.gov:88
                admin_server = krb-fnal-admin.fnal.gov
        }

[domain_realm]
        .physto.se = PHYSTO.SE
         physto.se = PHYSTO.SE
        .astro.su.se = ASTRO.SU.SE
         astro.su.se = ASTRO.SU.SE
        .su.se = SU.SE
         su.se = SU.SE

[v4 realms]
	PHYSTO.SE = {
		  kdc = kerberos.physto.se
		  kdc = kerberos-1.physto.se
		  kdc = kerberos-2.physto.se
		  admin_server = kerberos.physto.se:749
		  kpasswd_server = kerberos.physto.se:464
		  default_domain = physto.se
	}
        SU.SE = {
	        kdc = kdc-master.su.se
                kdc = kdc.su.se
                admin_server = kerberos.su.se
        }
        ASTRO.SU.SE = {
                kdc = kerberos.astro.su.se
                kdc = kerberos-1.astro.su.se
                kdc = kerberos-2.astro.su.se
                admin_server = kerberos.astro.su.se
        }
        FNAL.GOV = {
                kdc =  krb-fnal-1.fnal.gov
                kdc =  krb-fnal-2.fnal.gov
                kdc =  krb-fnal-3.fnal.gov
                kdc =  krb-fnal-4.fnal.gov
                kdc =  krb-fnal-5.fnal.gov
                kdc =  krb-fnal-6.fnal.gov
                admin_server = krb-fnal-admin.fnal.gov
        }

[v4 domain_realm]
        .physto.se = PHYSTO.SE
         physto.se = PHYSTO.SE
        .astro.su.se = ASTRO.SU.SE
         astro.su.se = ASTRO.SU.SE
        .su.se = SU.SE
         su.se = SU.SE

[pam]
        debug = true
        validate = true
        ticket_lifetime = 360000
        renew_lifetime = 360000
        forwardable = true
        krb4_convert = true
        afs_cells = physto.se

[logging]
        kdc = SYSLOG:INFO:AUTH
        default = SYSLOG:INFO:AUTH
        admin_server = SYSLOG:INFO:AUTH
#       default = FILE:/var/log/krb5

[appdefaults]
        forwardable = 1
        krb5_run_aklog = 1
        krb5_aklog_path = /usr/bin/aklog
        default_lifetime = 25h