[kdcdefaults]
    kdc_ports                   = 88
    kdc_tcp_ports               = 88
    restrict_anonymous_to_tgt   = true

[realms]
    MIT.TEST = {
        database_name           = /var/lib/krb5kdc/principal
        admin_keytab            = /var/lib/krb5kdc/kadm5.keytab
        acl_file                = /etc/krb5kdc/kadm5.acl
        key_stash_file          = /var/lib/krb5kdc/stash
        max_life                = 1d 1h 0m 0s
        max_renewable_life      = 7d 0h 0m 0s
        master_key_type         = aes256-cts
        supported_enctypes      = aes256-cts:normal
        default_principal_flags = +preauth
        pkinit_identity         = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
        pkinit_anchors          = FILE:/etc/krb5kdc/cacert.pem
    }