# kdc.conf
[kdcdefaults]
kdc_ports = #kdc_ip#:#kdc_ports#
kdc_tcp_ports = ""
 
[libdefaults]
default_realm = OPENGAUSS.ORG
kdc_timeout = 2500
clockskew = 300
use_dns_lookup = 0
udp_preference_limit = 1465
max_retries = 5
dns_lookup_kdc = false
dns_lookup_realm = false
renewable = false
forwardable = false
renew_lifetime = 0m
max_renewable_life = 30m
allow_extend_version = false
default_ccache_name = FILE:/tmp//krb5cc_%{uid}
 
[realms]
OPENGAUSS.ORG = {
kdc = #kdc_ip#:#kdc_ports#
renewable = false
forwardable = false
renew_lifetime = 0m
max_renewable_life = 30m
acl_file = #krb_conf#/kadm5.acl
key_stash_file = #krb_conf#/.k5.OPENGAUSS.ORG
}
 
[domain_realm]
.opengauss.org = OPENGAUSS.ORG
 
[logging]
kdc = FILE:#GAUSSHOME#/kerberos/krb5kdc.log
default = SYSLOG:NOTICE:DAEMON

[dbmodules]
db_module_dir = #KRB_HOME#/lib/krb5/plugins/kdb
OPENGAUSS.ORG = {
database_name = #KRB_HOME#/var/krb5kdc/principal
}