ÿØÿà JFIF    ÿÛ „ !.%+&8&+/1555$;@;4?.451 4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á" ÿÄ     ÿÄ ?    !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ   ÿÄ !    !1QAa‘2ÿÚ   ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô… Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^ mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀÊ•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî ^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~• îëÔ©ª‹ {ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm ºèËL9 ýèÆð/¨’¥öo=nË.%Îì ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È ¦ øÄër¨q°ð †nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y• ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ kÇR ]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ {L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/ "uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ °.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû |ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£ Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß .W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø Y­ˆÜ ŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„ ·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ !±ù²Ápü²ß6 0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾ ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„e S‡&õÏ B!ŽhüÞ`yj}mªf×\¿ Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm° c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼ ò|Sl”‹7 nPW Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ßð³ñ#Ï Ô$¶œ‰ÊE‹À;÷º ¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0 $íWV3Üì¬ —@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛ æF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U ÖéQå™—-r wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’ ;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´ Ç•€’I0 ÉJX` ñ¹õ%;µŸD‘«´€àwÒ™U ûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞ øƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC p¢Û úy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ nFê{Ç€ü?º'ë ø‹ì Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ ¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC` ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo™`  ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç— ‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò }y-W}™üýVù—ú¢=Ù”c®‘< M ž ´Phr ¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò v ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb) kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE- j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–øµFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[ ‡ uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù --,ísòDØ€èk ÞÀîÜ ò@â( ËNˆë›4ô½•/¦o‡€Û7 ê•ÆêòðÜy'Án½µ á˜ݦ ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞ ß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{€\ ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ û” Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê †«À¼¸e9­Æê_C]žƒ·ý·frÁN«, E=›Çq -‰öŒ:aÏ¿±í&£Í:-} 84‘ÿ eƒQÑeëSsuiA ³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ] F Ô—r.åä˜ @ö¥ªZoÐýYL·¥S²G/‡ñ <~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$ ‰"° æµ8cXGjœˏ¡Aâý•ËÜ¢ûï e·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ> S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º ¢Æ'¥Ðx'e¬ç ]bÈÆV¢ó‹kýBO ðÊâ$Ÿ!×T 3Mýמ žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y; M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@ &îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5 ;e­h<@ Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢| óLšò¥Ä` ¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuY w³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À n ݇¼Ö8Fö óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ°<×EA!Å‚D™IúOÍ¡>ôG}Â` ÍßkÜL™Ž Þð™ {IøF²¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€ 77ˆÝ¼ÊëÜw =cÕ Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜ ™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸ Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º ×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì ì&(ˆ¿­•ƒkï’:ðY¦W‘ Å)“†‘˜³Åtcø˜ñTÂwÚÇ4|üLÇªí–v- qˆèU qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž |ãw;ÀÁIJ»b` {¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG m¤ ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK `hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP |PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @G‰¬ s¸ ëÉücr ÞæѨÊ@>¤¢Ö±. Þ'¯°ÌME[YéïĵÂCå½ Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢ Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ] R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß ¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8 CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ àfPìð .wFšir´þ’2_Y *Æ€x\« ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1 2Ž‰$€$I$#‰SÞ’Hë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙmodule Test_krb5 = (* Krb5.conf from Fermilab *) let fermi_str = "### ### This krb5.conf template is intended for use with Fermi ### Kerberos v1_2 and later. Earlier versions may choke on the ### \"auth_to_local = \" lines unless they are commented out. ### The installation process should do all the right things in ### any case, but if you are reading this and haven't updated ### your kerberos product to v1_2 or later, you really should! ### [libdefaults] ticket_lifetime = 1560m default_realm = FNAL.GOV ccache_type = 4 default_tgs_enCtypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc permitted_enctypes = des-cbc-crc des3-cbc-sha1 default_lifetime = 7d renew_lifetime = 7d autologin = true forward = true forwardable = true renewable = true encrypt = true v4_name_convert = { host = { rcmd = host } } [realms] FNAL.GOV = { kdc = krb-fnal-1.fnal.gov:88 kdc = krb-fnal-2.fnal.gov:88 kdc = krb-fnal-3.fnal.gov:88 kdc = krb-fnal-4.fnal.gov:88 kdc = krb-fnal-5.fnal.gov:88 kdc = krb-fnal-6.fnal.gov:88 kdc = krb-fnal-7.fnal.gov:88 master_kdc = krb-fnal-admin.fnal.gov:88 admin_server = krb-fnal-admin.fnal.gov default_domain = fnal.gov } WIN.FNAL.GOV = { kdc = littlebird.win.fnal.gov:88 kdc = bigbird.win.fnal.gov:88 default_domain = fnal.gov } FERMI.WIN.FNAL.GOV = { kdc = sully.fermi.win.fnal.gov:88 kdc = elmo.fermi.win.fnal.gov:88 kdc = grover.fermi.win.fnal.gov:88 kdc = oscar.fermi.win.fnal.gov:88 kdc = cookie.fermi.win.fnal.gov:88 kdc = herry.fermi.win.fnal.gov:88 default_domain = fnal.gov } UCHICAGO.EDU = { kdc = kerberos-0.uchicago.edu kdc = kerberos-1.uchicago.edu kdc = kerberos-2.uchicago.edu admin_server = kerberos.uchicago.edu default_domain = uchicago.edu } PILOT.FNAL.GOV = { kdc = i-krb-2.fnal.gov:88 master_kdc = i-krb-2.fnal.gov:88 admin_server = i-krb-2.fnal.gov default_domain = fnal.gov } WINBETA.FNAL.GOV = { kdc = wbdc1.winbeta.fnal.gov:88 kdc = wbdc2.winbeta.fnal.gov:88 default_domain = fnal.gov } FERMIBETA.WINBETA.FNAL.GOV = { kdc = fbdc1.fermibeta.winbeta.fnal.gov:88 kdc = fbdc2.fermibeta.winbeta.fnal.gov:88 default_domain = fnal.gov } CERN.CH = { kdc = afsdb2.cern.ch kdc = afsdb3.cern.ch kdc = afsdb1.cern.ch default_domain = cern.ch kpasswd_server = afskrb5m.cern.ch admin_server = afskrb5m.cern.ch v4_name_convert = { host = { rcmd = host } } } 1TS.ORG = { kdc = kerberos.1ts.org admin_server = kerberos.1ts.org } stanford.edu = { kdc = krb5auth1.stanford.edu kdc = krb5auth2.stanford.edu kdc = krb5auth3.stanford.edu master_kdc = krb5auth1.stanford.edu admin_server = krb5-admin.stanford.edu default_domain = stanford.edu krb524_server = krb524.stanford.edu } [instancemapping] afs = { cron/* = \"\" cms/* = \"\" afs/* = \"\" e898/* = \"\" } [capaths] # FNAL.GOV and PILOT.FNAL.GOV are the MIT Kerberos Domains # FNAL.GOV is production and PILOT is for testing # The FERMI Windows domain uses the WIN.FNAL.GOV root realm # with the FERMI.WIN.FNAL.GOV sub-realm where machines and users # reside. The WINBETA and FERMIBETA domains are the equivalent # testing realms for the FERMIBETA domain. The 2-way transitive # trust structure of this complex is as follows: # # FNAL.GOV <=> PILOT.FNAL.GOV # FNAL.GOV <=> WIN.FERMI.GOV <=> FERMI.WIN.FERMI.GOV # PILOT.FNAL.GOV <=> WINBETA.FNAL.GOV <=> FERMIBETA.WINBETA.FNAL.GOV FNAL.GOV = { PILOT.FNAL.GOV = . FERMI.WIN.FNAL.GOV = WIN.FNAL.GOV WIN.FNAL.GOV = . FERMIBETA.WINBETA.FNAL.GOV = WINBETA.FNAL.GOV WINBETA.FNAL.GOV = PILOT.FNAL.GOV } PILOT.FNAL.GOV = { FNAL.GOV = . FERMI.WIN.FNAL.GOV = WIN.FNAL.GOV WIN.FNAL.GOV = FNAL.GOV FERMIBETA.WINBETA.FNAL.GOV = WINBETA.FNAL.GOV WINBETA.FNAL.GOV = . } WIN.FNAL.GOV = { FNAL.GOV = . PILOT.FNAL.GOV = FNAL.GOV FERMI.WIN.FNAL.GOV = . FERMIBETA.WINBETA.FNAL.GOV = WINBETA.FNAL.GOV WINBETA.FNAL.GOV = PILOT.FNAL.GOV } WINBETA.FNAL.GOV = { PILOT.FNAL.GOV = . FERMIBETA.WINBETA.FNAL.GOV = . FNAL.GOV = PILOT.FNAL.GOV FERMI.WIN.FNAL.GOV = WIN.FNAL.GOV WIN.FNAL.GOV = PILOT.FNAL.GOV } [logging] kdc = SYSLOG:info:local1 admin_server = SYSLOG:info:local2 default = SYSLOG:err:auth [domain_realm] # Fermilab's (non-windows-centric) domains .fnal.gov = FNAL.GOV .cdms-soudan.org = FNAL.GOV .deemz.net = FNAL.GOV .dhcp.fnal.gov = FNAL.GOV .minos-soudan.org = FNAL.GOV i-krb-2.fnal.gov = PILOT.FNAL.GOV .win.fnal.gov = WIN.FNAL.GOV .fermi.win.fnal.gov = FERMI.WIN.FNAL.GOV .winbeta.fnal.gov = WINBETA.FNAL.GOV .fermibeta.winbeta.fnal.gov = FERMIBETA.WINBETA.FNAL.GOV # Fermilab's KCA servers so FERMI.WIN principals work in FNAL.GOV realm # winserver.fnal.gov = FERMI.WIN.FNAL.GOV # winserver2.fnal.gov = FERMI.WIN.FNAL.GOVA # Accelerator nodes to FERMI.WIN for Linux/OS X users adgroups.fnal.gov = FERMI.WIN.FNAL.GOV adusers.fnal.gov = FERMI.WIN.FNAL.GOV webad.fnal.gov = FERMI.WIN.FNAL.GOV # Friends and family (by request) .cs.ttu.edu = FNAL.GOV .geol.uniovi.es = FNAL.GOV .harvard.edu = FNAL.GOV .hpcc.ttu.edu = FNAL.GOV .infn.it = FNAL.GOV .knu.ac.kr = FNAL.GOV .lns.mit.edu = FNAL.GOV .ph.liv.ac.uk = FNAL.GOV .pha.jhu.edu = FNAL.GOV .phys.ttu.edu = FNAL.GOV .phys.ualberta.ca = FNAL.GOV .physics.lsa.umich.edu = FNAL.GOV .physics.ucla.edu = FNAL.GOV .physics.ucsb.edu = FNAL.GOV .physics.utoronto.ca = FNAL.GOV .rl.ac.uk = FNAL.GOV .rockefeller.edu = FNAL.GOV .rutgers.edu = FNAL.GOV .sdsc.edu = FNAL.GOV .sinica.edu.tw = FNAL.GOV .tsukuba.jp.hep.net = FNAL.GOV .ucsd.edu = FNAL.GOV .unl.edu = FNAL.GOV .in2p3.fr = FNAL.GOV .wisc.edu = FNAL.GOV .pic.org.es = FNAL.GOV .kisti.re.kr = FNAL.GOV # The whole \"top half\" is replaced during \"ups installAsRoot krb5conf\", so: # It would probably be a bad idea to change anything on or above this line # If you need to add any .domains or hosts, put them here [domain_realm] mojo.lunet.edu = FNAL.GOV [appdefaults] default_lifetime = 7d retain_ccache = false autologin = true forward = true forwardable = true renewable = true encrypt = true krb5_aklog_path = /usr/bin/aklog telnet = { } rcp = { forward = true encrypt = false allow_fallback = true } rsh = { allow_fallback = true } rlogin = { allow_fallback = false } login = { forwardable = true krb5_run_aklog = false krb5_get_tickets = true krb4_get_tickets = false krb4_convert = false } kinit = { forwardable = true krb5_run_aklog = false } kadmin = { forwardable = false } rshd = { krb5_run_aklog = false } ftpd = { krb5_run_aklog = false default_lifetime = 10h } pam = { debug = false forwardable = true renew_lifetime = 7d ticket_lifetime = 1560m krb4_convert = true afs_cells = fnal.gov krb5_run_aklog = false } " test Krb5.lns get fermi_str = { "#comment" = "##" } { "#comment" = "## This krb5.conf template is intended for use with Fermi" } { "#comment" = "## Kerberos v1_2 and later. Earlier versions may choke on the" } { "#comment" = "## \"auth_to_local = \" lines unless they are commented out." } { "#comment" = "## The installation process should do all the right things in" } { "#comment" = "## any case, but if you are reading this and haven't updated" } { "#comment" = "## your kerberos product to v1_2 or later, you really should!" } { "#comment" = "##" } { "libdefaults" { "ticket_lifetime" = "1560m" } { "default_realm" = "FNAL.GOV" } { "ccache_type" = "4" } { "default_tgs_enctypes" = "des-cbc-crc" } { "#eol" } { "default_tkt_enctypes" = "des-cbc-crc" } { "#eol" } { "permitted_enctypes" = "des-cbc-crc" } { "permitted_enctypes" = "des3-cbc-sha1" } { "#eol" } { "default_lifetime" = "7d" } { "renew_lifetime" = "7d" } { "autologin" = "true" } { "forward" = "true" } { "forwardable" = "true" } { "renewable" = "true" } { "encrypt" = "true" } { "v4_name_convert" { "host" { "rcmd" = "host" } } } { } } { "realms" { "realm" = "FNAL.GOV" { "kdc" = "krb-fnal-1.fnal.gov:88" } { "kdc" = "krb-fnal-2.fnal.gov:88" } { "kdc" = "krb-fnal-3.fnal.gov:88" } { "kdc" = "krb-fnal-4.fnal.gov:88" } { "kdc" = "krb-fnal-5.fnal.gov:88" } { "kdc" = "krb-fnal-6.fnal.gov:88" } { "kdc" = "krb-fnal-7.fnal.gov:88" } { "master_kdc" = "krb-fnal-admin.fnal.gov:88" } { "admin_server" = "krb-fnal-admin.fnal.gov" } { "default_domain" = "fnal.gov" } } { "realm" = "WIN.FNAL.GOV" { "kdc" = "littlebird.win.fnal.gov:88" } { "kdc" = "bigbird.win.fnal.gov:88" } { "default_domain" = "fnal.gov" } } { "realm" = "FERMI.WIN.FNAL.GOV" { "kdc" = "sully.fermi.win.fnal.gov:88" } { "kdc" = "elmo.fermi.win.fnal.gov:88" } { "kdc" = "grover.fermi.win.fnal.gov:88" } { "kdc" = "oscar.fermi.win.fnal.gov:88" } { "kdc" = "cookie.fermi.win.fnal.gov:88" } { "kdc" = "herry.fermi.win.fnal.gov:88" } { "default_domain" = "fnal.gov" } } { "realm" = "UCHICAGO.EDU" { "kdc" = "kerberos-0.uchicago.edu" } { "kdc" = "kerberos-1.uchicago.edu" } { "kdc" = "kerberos-2.uchicago.edu" } { "admin_server" = "kerberos.uchicago.edu" } { "default_domain" = "uchicago.edu" } } { "realm" = "PILOT.FNAL.GOV" { "kdc" = "i-krb-2.fnal.gov:88" } { "master_kdc" = "i-krb-2.fnal.gov:88" } { "admin_server" = "i-krb-2.fnal.gov" } { "default_domain" = "fnal.gov" } } { "realm" = "WINBETA.FNAL.GOV" { "kdc" = "wbdc1.winbeta.fnal.gov:88" } { "kdc" = "wbdc2.winbeta.fnal.gov:88" } { "default_domain" = "fnal.gov" } } { "realm" = "FERMIBETA.WINBETA.FNAL.GOV" { "kdc" = "fbdc1.fermibeta.winbeta.fnal.gov:88" } { "kdc" = "fbdc2.fermibeta.winbeta.fnal.gov:88" } { "default_domain" = "fnal.gov" } } { "realm" = "CERN.CH" { "kdc" = "afsdb2.cern.ch" } { "kdc" = "afsdb3.cern.ch" } { "kdc" = "afsdb1.cern.ch" } { "default_domain" = "cern.ch" } { "kpasswd_server" = "afskrb5m.cern.ch" } { "admin_server" = "afskrb5m.cern.ch" } { "v4_name_convert" { "host" { "rcmd" = "host" } } } } { "realm" = "1TS.ORG" { "kdc" = "kerberos.1ts.org" } { "admin_server" = "kerberos.1ts.org" } } { "realm" = "stanford.edu" { "kdc" = "krb5auth1.stanford.edu" } { "kdc" = "krb5auth2.stanford.edu" } { "kdc" = "krb5auth3.stanford.edu" } { "master_kdc" = "krb5auth1.stanford.edu" } { "admin_server" = "krb5-admin.stanford.edu" } { "default_domain" = "stanford.edu" } { "krb524_server" = "krb524.stanford.edu" } } { } } { "instancemapping" { "afs" { "mapping" = "cron/*" { "value" = "" } } { "mapping" = "cms/*" { "value" = "" } } { "mapping" = "afs/*" { "value" = "" } } { "mapping" = "e898/*" { "value" = "" } } } { } } { "capaths" { } { "#comment" = "FNAL.GOV and PILOT.FNAL.GOV are the MIT Kerberos Domains" } { "#comment" = "FNAL.GOV is production and PILOT is for testing" } { "#comment" = "The FERMI Windows domain uses the WIN.FNAL.GOV root realm" } { "#comment" = "with the FERMI.WIN.FNAL.GOV sub-realm where machines and users" } { "#comment" = "reside. The WINBETA and FERMIBETA domains are the equivalent" } { "#comment" = "testing realms for the FERMIBETA domain. The 2-way transitive" } { "#comment" = "trust structure of this complex is as follows:" } {} { "#comment" = "FNAL.GOV <=> PILOT.FNAL.GOV" } { "#comment" = "FNAL.GOV <=> WIN.FERMI.GOV <=> FERMI.WIN.FERMI.GOV" } { "#comment" = "PILOT.FNAL.GOV <=> WINBETA.FNAL.GOV <=> FERMIBETA.WINBETA.FNAL.GOV" } { } { "FNAL.GOV" { "PILOT.FNAL.GOV" = "." } { "FERMI.WIN.FNAL.GOV" = "WIN.FNAL.GOV" } { "WIN.FNAL.GOV" = "." } { "FERMIBETA.WINBETA.FNAL.GOV" = "WINBETA.FNAL.GOV" } { "WINBETA.FNAL.GOV" = "PILOT.FNAL.GOV" } } { "PILOT.FNAL.GOV" { "FNAL.GOV" = "." } { "FERMI.WIN.FNAL.GOV" = "WIN.FNAL.GOV" } { "WIN.FNAL.GOV" = "FNAL.GOV" } { "FERMIBETA.WINBETA.FNAL.GOV" = "WINBETA.FNAL.GOV" } { "WINBETA.FNAL.GOV" = "." } } { "WIN.FNAL.GOV" { "FNAL.GOV" = "." } { "PILOT.FNAL.GOV" = "FNAL.GOV" } { "FERMI.WIN.FNAL.GOV" = "." } { "FERMIBETA.WINBETA.FNAL.GOV" = "WINBETA.FNAL.GOV" } { "WINBETA.FNAL.GOV" = "PILOT.FNAL.GOV" } } { "WINBETA.FNAL.GOV" { "PILOT.FNAL.GOV" = "." } { "FERMIBETA.WINBETA.FNAL.GOV" = "." } { "FNAL.GOV" = "PILOT.FNAL.GOV" } { "FERMI.WIN.FNAL.GOV" = "WIN.FNAL.GOV" } { "WIN.FNAL.GOV" = "PILOT.FNAL.GOV" } } { } } { "logging" { "kdc" { "syslog" { "severity" = "info" } { "facility" = "local1" } } } { "admin_server" { "syslog" { "severity" = "info" } { "facility" = "local2" } } } { "default" { "syslog" { "severity" = "err" } { "facility" = "auth" } } } { } } { "domain_realm" { "#comment" = "Fermilab's (non-windows-centric) domains" } { ".fnal.gov" = "FNAL.GOV" } { ".cdms-soudan.org" = "FNAL.GOV" } { ".deemz.net" = "FNAL.GOV" } { ".dhcp.fnal.gov" = "FNAL.GOV" } { ".minos-soudan.org" = "FNAL.GOV" } { "i-krb-2.fnal.gov" = "PILOT.FNAL.GOV" } { ".win.fnal.gov" = "WIN.FNAL.GOV" } { ".fermi.win.fnal.gov" = "FERMI.WIN.FNAL.GOV" } { ".winbeta.fnal.gov" = "WINBETA.FNAL.GOV" } { ".fermibeta.winbeta.fnal.gov" = "FERMIBETA.WINBETA.FNAL.GOV" } { "#comment" = "Fermilab's KCA servers so FERMI.WIN principals work in FNAL.GOV realm" } { "#comment" = "winserver.fnal.gov = FERMI.WIN.FNAL.GOV" } { "#comment" = "winserver2.fnal.gov = FERMI.WIN.FNAL.GOVA" } { "#comment" = "Accelerator nodes to FERMI.WIN for Linux/OS X users" } { "adgroups.fnal.gov" = "FERMI.WIN.FNAL.GOV" } { "adusers.fnal.gov" = "FERMI.WIN.FNAL.GOV" } { "webad.fnal.gov" = "FERMI.WIN.FNAL.GOV" } { "#comment" = "Friends and family (by request)" } { ".cs.ttu.edu" = "FNAL.GOV" } { ".geol.uniovi.es" = "FNAL.GOV" } { ".harvard.edu" = "FNAL.GOV" } { ".hpcc.ttu.edu" = "FNAL.GOV" } { ".infn.it" = "FNAL.GOV" } { ".knu.ac.kr" = "FNAL.GOV" } { ".lns.mit.edu" = "FNAL.GOV" } { ".ph.liv.ac.uk" = "FNAL.GOV" } { ".pha.jhu.edu" = "FNAL.GOV" } { ".phys.ttu.edu" = "FNAL.GOV" } { ".phys.ualberta.ca" = "FNAL.GOV" } { ".physics.lsa.umich.edu" = "FNAL.GOV" } { ".physics.ucla.edu" = "FNAL.GOV" } { ".physics.ucsb.edu" = "FNAL.GOV" } { ".physics.utoronto.ca" = "FNAL.GOV" } { ".rl.ac.uk" = "FNAL.GOV" } { ".rockefeller.edu" = "FNAL.GOV" } { ".rutgers.edu" = "FNAL.GOV" } { ".sdsc.edu" = "FNAL.GOV" } { ".sinica.edu.tw" = "FNAL.GOV" } { ".tsukuba.jp.hep.net" = "FNAL.GOV" } { ".ucsd.edu" = "FNAL.GOV" } { ".unl.edu" = "FNAL.GOV" } { ".in2p3.fr" = "FNAL.GOV" } { ".wisc.edu" = "FNAL.GOV" } { ".pic.org.es" = "FNAL.GOV" } { ".kisti.re.kr" = "FNAL.GOV" } { } { "#comment" = "The whole \"top half\" is replaced during \"ups installAsRoot krb5conf\", so:" } { "#comment" = "It would probably be a bad idea to change anything on or above this line" } { } { "#comment" = "If you need to add any .domains or hosts, put them here" } } { "domain_realm" { "mojo.lunet.edu" = "FNAL.GOV" } { } } { "appdefaults" { "default_lifetime" = "7d" } { "retain_ccache" = "false" } { "autologin" = "true" } { "forward" = "true" } { "forwardable" = "true" } { "renewable" = "true" } { "encrypt" = "true" } { "krb5_aklog_path" = "/usr/bin/aklog" } { } { "application" = "telnet" } { } { "application" = "rcp" { "forward" = "true" } { "encrypt" = "false" } { "allow_fallback" = "true" } } { } { "application" = "rsh" { "allow_fallback" = "true" } } { } { "application" = "rlogin" { "allow_fallback" = "false" } } { } { } { "application" = "login" { "forwardable" = "true" } { "krb5_run_aklog" = "false" } { "krb5_get_tickets" = "true" } { "krb4_get_tickets" = "false" } { "krb4_convert" = "false" } } { } { "application" = "kinit" { "forwardable" = "true" } { "krb5_run_aklog" = "false" } } { } { "application" = "kadmin" { "forwardable" = "false" } } { } { "application" = "rshd" { "krb5_run_aklog" = "false" } } { } { "application" = "ftpd" { "krb5_run_aklog" = "false" } { "default_lifetime" = "10h" } } { } { "application" = "pam" { "debug" = "false" } { "forwardable" = "true" } { "renew_lifetime" = "7d" } { "ticket_lifetime" = "1560m" } { "krb4_convert" = "true" } { "afs_cells" = "fnal.gov" } { "krb5_run_aklog" = "false" } } } (* Example from the krb5 distrubution *) let dist_str = "[libdefaults] default_realm = ATHENA.MIT.EDU krb4_config = /usr/kerberos/lib/krb.conf krb4_realms = /usr/kerberos/lib/krb.realms [realms] ATHENA.MIT.EDU = { admin_server = KERBEROS.MIT.EDU default_domain = MIT.EDU v4_instance_convert = { mit = mit.edu lithium = lithium.lcs.mit.edu } } ANDREW.CMU.EDU = { admin_server = vice28.fs.andrew.cmu.edu } # use \"kdc =\" if realm admins haven't put SRV records into DNS GNU.ORG = { kdc = kerberos.gnu.org kdc = kerberos-2.gnu.org admin_server = kerberos.gnu.org } [domain_realm] .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU .media.mit.edu = MEDIA-LAB.MIT.EDU media.mit.edu = MEDIA-LAB.MIT.EDU .ucsc.edu = CATS.UCSC.EDU [logging] # kdc = CONSOLE " test Krb5.lns get dist_str = { "libdefaults" { "default_realm" = "ATHENA.MIT.EDU" } { "krb4_config" = "/usr/kerberos/lib/krb.conf" } { "krb4_realms" = "/usr/kerberos/lib/krb.realms" } { } } { "realms" { "realm" = "ATHENA.MIT.EDU" { "admin_server" = "KERBEROS.MIT.EDU" } { "default_domain" = "MIT.EDU" } { "v4_instance_convert" { "mit" = "mit.edu" } { "lithium" = "lithium.lcs.mit.edu" } } } { "realm" = "ANDREW.CMU.EDU" { "admin_server" = "vice28.fs.andrew.cmu.edu" } } { "#comment" = "use \"kdc =\" if realm admins haven't put SRV records into DNS" } { "realm" = "GNU.ORG" { "kdc" = "kerberos.gnu.org" } { "kdc" = "kerberos-2.gnu.org" } { "admin_server" = "kerberos.gnu.org" } } { } } { "domain_realm" { ".mit.edu" = "ATHENA.MIT.EDU" } { "mit.edu" = "ATHENA.MIT.EDU" } { ".media.mit.edu" = "MEDIA-LAB.MIT.EDU" } { "media.mit.edu" = "MEDIA-LAB.MIT.EDU" } { ".ucsc.edu" = "CATS.UCSC.EDU" } { } } { "logging" { "#comment" = "kdc = CONSOLE" } } (* Test for [libdefaults] *) test Krb5.libdefaults get "[libdefaults] default_realm = ATHENA.MIT.EDU krb4_config = /usr/kerberos/lib/krb.conf krb4_realms = /usr/kerberos/lib/krb.realms\n\n" = { "libdefaults" { "default_realm" = "ATHENA.MIT.EDU" } { "krb4_config" = "/usr/kerberos/lib/krb.conf" } { "krb4_realms" = "/usr/kerberos/lib/krb.realms" } { } } (* Test for [appfdefaults] *) test Krb5.appdefaults get "[appdefaults]\n\tdefault_lifetime = 7d\n" = { "appdefaults" { "default_lifetime" = "7d" } } test Krb5.appdefaults get "[appdefaults]\nrcp = { \n forward = true\n encrypt = false\n }\n" = { "appdefaults" { "application" = "rcp" { "forward" = "true" } { "encrypt" = "false" } } } test Krb5.appdefaults get "[appdefaults]\ntelnet = {\n\t}\n" = { "appdefaults" { "application" = "telnet" } } test Krb5.appdefaults get "[appdefaults] rcp = { forward = true ATHENA.MIT.EDU = { encrypt = false } MEDIA-LAB.MIT.EDU = { encrypt = true } forwardable = true }\n" = { "appdefaults" { "application" = "rcp" { "forward" = "true" } { "realm" = "ATHENA.MIT.EDU" { "encrypt" = "false" } } { "realm" = "MEDIA-LAB.MIT.EDU" { "encrypt" = "true" } } { "forwardable" = "true" } } } let appdef = "[appdefaults] default_lifetime = 7d retain_ccache = false autologin = true forward = true forwardable = true renewable = true encrypt = true krb5_aklog_path = /usr/bin/aklog telnet = { } rcp = { forward = true encrypt = false allow_fallback = true } rsh = { allow_fallback = true } rlogin = { allow_fallback = false } login = { forwardable = true krb5_run_aklog = false krb5_get_tickets = true krb4_get_tickets = false krb4_convert = false } kinit = { forwardable = true krb5_run_aklog = false } kadmin = { forwardable = false } rshd = { krb5_run_aklog = false } ftpd = { krb5_run_aklog = false default_lifetime = 10h } pam = { debug = false forwardable = true renew_lifetime = 7d ticket_lifetime = 1560m krb4_convert = true afs_cells = fnal.gov krb5_run_aklog = false }\n" let appdef_tree = { "appdefaults" { "default_lifetime" = "7d" } { "retain_ccache" = "false" } { "autologin" = "true" } { "forward" = "true" } { "forwardable" = "true" } { "renewable" = "true" } { "encrypt" = "true" } { "krb5_aklog_path" = "/usr/bin/aklog" } { } { "application" = "telnet" } { } { "application" = "rcp" { "forward" = "true" } { "encrypt" = "false" } { "allow_fallback" = "true" } } { } { "application" = "rsh" { "allow_fallback" = "true" } } { } { "application" = "rlogin" { "allow_fallback" = "false" } } { } { } { "application" = "login" { "forwardable" = "true" } { "krb5_run_aklog" = "false" } { "krb5_get_tickets" = "true" } { "krb4_get_tickets" = "false" } { "krb4_convert" = "false" } } { } { "application" = "kinit" { "forwardable" = "true" } { "krb5_run_aklog" = "false" } } { } { "application" = "kadmin" { "forwardable" = "false" } } { } { "application" = "rshd" { "krb5_run_aklog" = "false" } } { } { "application" = "ftpd" { "krb5_run_aklog" = "false" } { "default_lifetime" = "10h" } } { } { "application" = "pam" { "debug" = "false" } { "forwardable" = "true" } { "renew_lifetime" = "7d" } { "ticket_lifetime" = "1560m" } { "krb4_convert" = "true" } { "afs_cells" = "fnal.gov" } { "krb5_run_aklog" = "false" } } } test Krb5.appdefaults get appdef = appdef_tree test Krb5.lns get appdef = appdef_tree (* Test realms section *) let realms_str = "[realms] ATHENA.MIT.EDU = { admin_server = KERBEROS.MIT.EDU default_domain = MIT.EDU database_module = ldapconf # test v4_instance_convert = { mit = mit.edu lithium = lithium.lcs.mit.edu } v4_realm = LCS.MIT.EDU }\n" test Krb5.lns get realms_str = { "realms" { "realm" = "ATHENA.MIT.EDU" { "admin_server" = "KERBEROS.MIT.EDU" } { "default_domain" = "MIT.EDU" } { "database_module" = "ldapconf" } { } { "#comment" = "test" } { "v4_instance_convert" { "mit" = "mit.edu" } { "lithium" = "lithium.lcs.mit.edu" } } { "v4_realm" = "LCS.MIT.EDU" } } } (* Test dpmain_realm section *) let domain_realm_str = "[domain_realm] .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU dodo.mit.edu = SMS_TEST.MIT.EDU .ucsc.edu = CATS.UCSC.EDU\n" test Krb5.lns get domain_realm_str = { "domain_realm" { ".mit.edu" = "ATHENA.MIT.EDU" } { "mit.edu" = "ATHENA.MIT.EDU" } { "dodo.mit.edu" = "SMS_TEST.MIT.EDU" } { ".ucsc.edu" = "CATS.UCSC.EDU" } } (* Test logging section *) let logging_str = "[logging] kdc = CONSOLE kdc = SYSLOG:INFO:DAEMON admin_server = FILE:/var/adm/kadmin.log admin_server = DEVICE=/dev/tty04\n" test Krb5.lns get logging_str = { "logging" { "kdc" { "console" } } { "kdc" { "syslog" { "severity" = "INFO" } { "facility" = "DAEMON" } } } { "admin_server" { "file" = "/var/adm/kadmin.log" } } { "admin_server" { "device" = "/dev/tty04" } } } (* Test capaths section *) let capaths_str = "[capaths] ANL.GOV = { TEST.ANL.GOV = . PNL.GOV = ES.NET NERSC.GOV = ES.NET ES.NET = . } TEST.ANL.GOV = { ANL.GOV = . } PNL.GOV = { ANL.GOV = ES.NET } NERSC.GOV = { ANL.GOV = ES.NET } ES.NET = { ANL.GOV = . }\n" test Krb5.lns get capaths_str = { "capaths" { "ANL.GOV" { "TEST.ANL.GOV" = "." } { "PNL.GOV" = "ES.NET" } { "NERSC.GOV" = "ES.NET" } { "ES.NET" = "." } } { "TEST.ANL.GOV" { "ANL.GOV" = "." } } { "PNL.GOV" { "ANL.GOV" = "ES.NET" } } { "NERSC.GOV" { "ANL.GOV" = "ES.NET" } } { "ES.NET" { "ANL.GOV" = "." } } } (* Test instancemapping *) test Krb5.instance_mapping get "[instancemapping] afs = { cron/* = \"\" cms/* = \"\" afs/* = \"\" e898/* = \"\" }\n" = { "instancemapping" { "afs" { "mapping" = "cron/*" { "value" = "" } } { "mapping" = "cms/*" { "value" = "" } } { "mapping" = "afs/*" { "value" = "" } } { "mapping" = "e898/*" { "value" = "" } } } } test Krb5.kdc get "[kdc] profile = /var/kerberos/krb5kdc/kdc.conf\n" = { "kdc" { "profile" = "/var/kerberos/krb5kdc/kdc.conf" } } (* v4_name_convert in libdefaults *) test Krb5.libdefaults get "[libdefaults] default_realm = MY.REALM clockskew = 300 v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } }\n" = { "libdefaults" { "default_realm" = "MY.REALM" } { "clockskew" = "300" } { "v4_instance_resolve" = "false" } { "v4_name_convert" { "host" { "rcmd" = "host" } { "ftp" = "ftp" } } { "plain" { "something" = "something-else" } } } } (* Test pam section *) let pam_str = "[pam] debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false " test Krb5.lns get pam_str = { "pam" { "debug" = "false" } { "ticket_lifetime" = "36000" } { "renew_lifetime" = "36000" } { "forwardable" = "true" } { "krb4_convert" = "false" } } (* Ticket #274 - multiple *enctypes values *) let multiple_enctypes = "[libdefaults] permitted_enctypes = arcfour-hmac-md5 arcfour-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc aes128-cts default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 default_tkt_enctypes = des-cbc-md5 " test Krb5.lns get multiple_enctypes = { "libdefaults" { "permitted_enctypes" = "arcfour-hmac-md5" } { "permitted_enctypes" = "arcfour-hmac" } { "permitted_enctypes" = "des3-cbc-sha1" } { "permitted_enctypes" = "des-cbc-md5" } { "permitted_enctypes" = "des-cbc-crc" } { "permitted_enctypes" = "aes128-cts" } { "#eol" } { "default_tgs_enctypes" = "des3-cbc-sha1" } { "default_tgs_enctypes" = "des-cbc-md5" } { "#eol" } { "default_tkt_enctypes" = "des-cbc-md5" } { "#eol" } } (* Ticket #274 - v4_name_convert subsection *) let v4_name_convert = "[realms] EXAMPLE.COM = { kdc = kerberos.example.com:88 admin_server = kerberos.example.com:749 default_domain = example.com ticket_lifetime = 12h v4_name_convert = { host = { rcmd = host } } } " test Krb5.lns get v4_name_convert = { "realms" { "realm" = "EXAMPLE.COM" { "kdc" = "kerberos.example.com:88" } { "admin_server" = "kerberos.example.com:749" } { "default_domain" = "example.com" } { "ticket_lifetime" = "12h" } { "v4_name_convert" { "host" { "rcmd" = "host" } } } } } (* Ticket #288: semicolons for comments *) test Krb5.lns get "; AD : This Kerberos configuration is for CERN's Active Directory realm.\n" = { "#comment" = "AD : This Kerberos configuration is for CERN's Active Directory realm." } (* RHBZ#1066419: braces in values *) test Krb5.lns get "[libdefaults]\n default_ccache_name = KEYRING:persistent:%{uid}\n" = { "libdefaults" { } { "default_ccache_name" = "KEYRING:persistent:%{uid}" } } (* Include(dir) tests *) let include_test = "include /etc/krb5.other_conf.d/other.conf includedir /etc/krb5.conf.d/ " test Krb5.lns get include_test = { "include" = "/etc/krb5.other_conf.d/other.conf" } { "includedir" = "/etc/krb5.conf.d/" } let include2_test = "[logging] default = FILE:/var/log/krb5libs.log include /etc/krb5.other_conf.d/other.conf includedir /etc/krb5.conf.d/ " test Krb5.lns get include2_test = { "logging" { "default" { "file" = "/var/log/krb5libs.log" } } { } } { "include" = "/etc/krb5.other_conf.d/other.conf" } { } { "includedir" = "/etc/krb5.conf.d/" } (* [dbmodules] test *) let dbmodules_test = "[dbmodules] ATHENA.MIT.EDU = { disable_last_success = true } db_module_dir = /some/path " test Krb5.lns get dbmodules_test = { "dbmodules" { "realm" = "ATHENA.MIT.EDU" { "disable_last_success" = "true" } } { "db_module_dir" = "/some/path" } } (* [plugins] test *) let plugins_test = "[plugins] clpreauth = { module = mypreauth:/path/to/mypreauth.so } ccselect = { disable = k5identity } pwqual = { module = mymodule:/path/to/mymodule.so module = mymodule2:/path/to/mymodule2.so enable_only = mymodule } kadm5_hook = { } " test Krb5.lns get plugins_test = { "plugins" { "clpreauth" { "module" = "mypreauth:/path/to/mypreauth.so" } } { "ccselect" { "disable" = "k5identity" } } { "pwqual" { "module" = "mymodule:/path/to/mymodule.so" } { "module" = "mymodule2:/path/to/mymodule2.so" } { "enable_only" = "mymodule" } } { "kadm5_hook" } }