[libdefaults]
default_realm = TESLA.NEUSS
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
[realms]
TESLA.NEUSS = {
kdc = SERVER-DC2.tesla.neuss
default_domain = TESLA.NEUSS
}
[domain_realm]
.tesla.neuss = TESLA.NEUSS
tesla.neuss = TESLA.NEUSS
============================================================
Bei mehreren KDC trägt man diese hinter einander ein:
[libdefaults]
default_realm = example.com
[realms]
example.com = {
kdc = ServerPrimaryDC.example.com
kdc = serverDomainController1.example.com
kdc = serverDomainController2.example.com
}
south-example.com = {
kdc = serverPDCSouth.south-example.com
kdc = serverDomainController1.south-example.com
kdc = serverDomainController2.south-example.com}