6 files changed, 52 insertions, 6 deletions

diff --git a/ci/files/heimdal/heimdal-kdc b/ci/files/heimdal/heimdal-kdc
new file mode 100644
index 0000000..d781463
--- /dev/null
+++ b/ci/files/heimdal/heimdal-kdc
@@ -0,0 +1,9 @@
+# Heimdal KDC init script setup.  -*- sh -*-
+
+# KDC configuration.
+KDC_ENABLED=yes
+KDC_PARAMS='--config-file=/etc/heimdal-kdc/kdc.conf'
+
+# kpasswdd configuration.
+KPASSWDD_ENABLED=yes
+KPASSWDD_PARAMS='-r HEIMDAL.TEST'
diff --git a/ci/files/heimdal/kadmind.acl b/ci/files/heimdal/kadmind.acl
new file mode 100644
index 0000000..2f4a084
--- /dev/null
+++ b/ci/files/heimdal/kadmind.acl
@@ -0,0 +1 @@
+test/wallet@HEIMDAL.TEST  all,get-keys  wallet/*@HEIMDAL.TEST
diff --git a/ci/files/heimdal/kdc.conf b/ci/files/heimdal/kdc.conf
new file mode 100644
index 0000000..bd00dcd
--- /dev/null
+++ b/ci/files/heimdal/kdc.conf
@@ -0,0 +1,22 @@
+# Heimdal KDC configuration.  -*- conf -*-
+
+[kadmin]
+    default_keys           = aes256-cts-hmac-sha1-96:pw-salt
+
+[kdc]
+    acl_file               = /etc/heimdal-kdc/kadmind.acl
+    check-ticket-addresses = false
+    logging                = SYSLOG:NOTICE
+    ports                  = 88
+
+[libdefaults]
+    default_realm          = HEIMDAL.TEST
+    dns_lookup_kdc         = false
+    dns_lookup_realm       = false
+
+[realms]
+    HEIMDAL.TEST.EYRIE.ORG = {
+        kdc            = 127.0.0.1
+        master_kdc     = 127.0.0.1
+        admin_server   = 127.0.0.1
+    }
diff --git a/ci/files/heimdal/krb5.conf b/ci/files/heimdal/krb5.conf
new file mode 100644
index 0000000..65dc71e
--- /dev/null
+++ b/ci/files/heimdal/krb5.conf
@@ -0,0 +1,18 @@
+[libdefaults]
+    default_realm         = HEIMDAL.TEST
+    dns_lookup_kdc        = false
+    dns_lookup_realm      = false
+    rdns                  = false
+    renew_lifetime        = 7d
+    ticket_lifetime       = 25h
+
+[realms]
+    HEIMDAL.TEST = {
+        kdc               = 127.0.0.1
+        master_kdc        = 127.0.0.1
+        admin_server      = 127.0.0.1
+    }
+
+[logging]
+    kdc                   = SYSLOG:NOTICE
+    default               = SYSLOG:NOTICE
diff --git a/ci/files/mit/kdc.conf b/ci/files/mit/kdc.conf
index 7bf4e6a..09e6795 100644
--- a/ci/files/mit/kdc.conf
+++ b/ci/files/mit/kdc.conf
@@ -1,7 +1,6 @@
 [kdcdefaults]
-    kdc_ports                   = 88
-    kdc_tcp_ports               = 88
-    restrict_anonymous_to_tgt   = true
+    kdc_ports     = 88
+    kdc_tcp_ports = 88
 
 [realms]
     MIT.TEST = {
@@ -14,6 +13,4 @@
         master_key_type         = aes256-cts
         supported_enctypes      = aes256-cts:normal
         default_principal_flags = +preauth
-        pkinit_identity         = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
-        pkinit_anchors          = FILE:/etc/krb5kdc/cacert.pem
     }
diff --git a/ci/files/mit/krb5.conf b/ci/files/mit/krb5.conf
index 9b0d5ab..37816a2 100644
--- a/ci/files/mit/krb5.conf
+++ b/ci/files/mit/krb5.conf
@@ -11,7 +11,6 @@
         kdc               = 127.0.0.1
         master_kdc        = 127.0.0.1
         admin_server      = 127.0.0.1
-        pkinit_anchors    = FILE:/etc/krb5kdc/cacert.pem
     }
 
 [logging]