# /etc/wallet/wallet.conf -- Wallet system configuration.  -*- perl -*-
#
# Configuration for the wallet system as used at Stanford University.  See
# Wallet::Config(3) for complete details.  Interesting features to note are
# loading the database password from an external file and full implementations
# of a naming policy check and default ACL rules.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2007, 2008, 2009, 2010, 2012, 2013
#     The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.

# default_owner and verify_name come from our policy module.
use Wallet::Policy::Stanford qw(default_owner verify_name);

$DB_DDL_DIRECTORY = '/usr/share/wallet';
$DB_DRIVER        = 'mysql';
$DB_NAME          = 'wallet';
$DB_HOST          = 'localhost';
$DB_USER          = 'wallet';

# Read the MySQL password from a separate file so that we don't have to commit
# it to the Puppet repository.
open(my $password_file, '<', '/etc/wallet/mysql-password')
  or die "cannot open /etc/wallet/mysql-password: $!\n";
$DB_PASSWORD = <$password_file>;
close($password_file);
chomp($DB_PASSWORD);

# The maximum file object size is arbitrary, just something to keep anyone
# from filling the disk.
$FILE_BUCKET   = '/srv/wallet/files';
$FILE_MAX_SIZE = 512 * 1024;

# Kerberos keytab backend confguration.
$KEYTAB_KRBTYPE   = 'Heimdal';
$KEYTAB_FILE      = '/etc/wallet/keytab';
$KEYTAB_FLAGS     = '-clearpolicy';
$KEYTAB_HOST      = 'krb5-admin.stanford.edu';
$KEYTAB_PRINCIPAL = 'service/wallet@stanford.edu';
$KEYTAB_REALM     = 'stanford.edu';
$KEYTAB_TMP       = '/var/lib/wallet';

# NetDB ACL type configuration.
$NETDB_REALM        = 'stanford.edu';
$NETDB_REMCTL_CACHE = '/var/lib/wallet/krb5cc_wallet';
$NETDB_REMCTL_HOST  = 'netdb-node-roles-rc.stanford.edu';

1;