/usr/share/ipa/kerberos.ldif is in freeipa-server 4.7.0~pre1+git20180411-2ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | #kerberos base object
dn: cn=kerberos,$SUFFIX
changetype: add
objectClass: krbContainer
objectClass: top
cn: kerberos
#Realm base object
dn: cn=$REALM,cn=kerberos,$SUFFIX
changetype: add
cn: $REALM
objectClass: top
objectClass: krbrealmcontainer
objectClass: krbticketpolicyaux
krbSubTrees: $SUFFIX
krbSearchScope: 2
krbSupportedEncSaltTypes: aes256-cts:normal
krbSupportedEncSaltTypes: aes256-cts:special
krbSupportedEncSaltTypes: aes128-cts:normal
krbSupportedEncSaltTypes: aes128-cts:special
krbSupportedEncSaltTypes: des3-hmac-sha1:normal
krbSupportedEncSaltTypes: des3-hmac-sha1:special
krbSupportedEncSaltTypes: arcfour-hmac:normal
krbSupportedEncSaltTypes: arcfour-hmac:special
krbSupportedEncSaltTypes: camellia128-cts-cmac:normal
krbSupportedEncSaltTypes: camellia128-cts-cmac:special
krbSupportedEncSaltTypes: camellia256-cts-cmac:normal
krbSupportedEncSaltTypes: camellia256-cts-cmac:special
krbMaxTicketLife: 86400
krbMaxRenewableAge: 604800
krbDefaultEncSaltTypes: aes256-cts:special
krbDefaultEncSaltTypes: aes128-cts:special
# Default password Policy
dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
objectClass: krbPwdPolicy
krbMinPwdLife: 3600
krbPwdMinDiffChars: 0
krbPwdMinLength: 8
krbPwdHistoryLength: 0
krbMaxPwdLife: 7776000
krbPwdMaxFailure: 6
krbPwdFailureCountInterval: 60
krbPwdLockoutDuration: 600
|