[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
# EXAMPLE.COM = {
  #master_key_type = aes256-cts
#  acl_file = /var/kerberos/krb5kdc/kadm5.acl
#  dict_file = /usr/share/dict/words
#  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
 # supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
# }

SAFARICOM.NET= {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
  ##default_domain = safaricom.net

}

[plugins]
  kdcpreauth = {
    module = pkinit:/usr/lib/krb5/plugins/preauth/pkinit.so
  }