[kdc] logging = FILE:/var/log/heimdal-kdc.log enable-pkinit = yes pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem pkinit_allow-proxy-certificate = false acl_file = /etc/heimdal-kdc/kadmind.acl database = { dbname = ldap:@@@REALM_DCNAME@@@ acl_file = /etc/heimdal-kdc/kadmind.acl }