Skip to content

Kerberos server

services.kerberos_server.enable

Whether to enable the kerberos authentication server. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings

Settings for the kerberos server of choice.

See the following documentation: - Heimdal: {manpage}kdc.conf(5) - MIT Kerberos: https://web.mit.edu/kerberos/krb5-1.21/doc/admin/conf_files/kdc_conf.html

Type: attribute set of attribute set of ((list of attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean)) or attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean) or (list of (signed integer or string or boolean)) or signed integer or string or boolean)

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.include

Files to include in the Kerberos configuration.

Type: (list of path) or path convertible to it

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.includedir

Directories containing files to include in the Kerberos configuration.

Type: (list of path) or path convertible to it

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.module

Modules to obtain Kerberos configuration from.

Type: (list of path) or path convertible to it

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.realms

The realm(s) to serve keys for.

Type: attribute set of (attribute set of ((list of attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean)) or attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean) or (list of (signed integer or string or boolean)) or signed integer or string or boolean))

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.realms.<name>.acl

The privileges granted to a user.

Type: list of (submodule)

Default

[{access = "all";principal = "*/admin";}{access = "all";principal = "admin";}]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.realms.<name>.acl.*.access

The changes the principal is allowed to make. Type: (list of (one of "add", "cpw", "delete", "get", "list", "modify")) or value "all" (singular enum)

Default

"all"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.realms.<name>.acl.*.principal

Which principal the rule applies to Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix

services.kerberos_server.settings.realms.<name>.acl.*.target

The principals that 'access' applies to. Type: string

Default

"*"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/kerberos/default.nix