[libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes [realms] EXAMPLE.COM = { kdc = ad.example.com admin_server = ad.example.com default_domain = example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM # Insecure: Exposing credentials in krb5.conf for automated ticket retrieval (NOT recommended) [login] krb5_get_init_creds_keytab = false # Insecure: Plaintext credentials for AD principal [appdefaults] kinit = { principal = admin@EXAMPLE.COM password = P@ssw0rd123 } pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true }