[kdc]
    logging = FILE:/var/log/heimdal-kdc.log
    enable-pkinit = yes
    pkinit_principal_in_certificate = no
    pkinit_identity = FILE:@@@KRBKDCPEMFILE@@@,@@@KRBKDCPEMKEYFILE@@@
    pkinit_anchors = FILE:@@@KRBPKIPEMFILE@@@
    pkinit_allow-proxy-certificate = false
    acl_file = /etc/heimdal-kdc/kadmind.acl

    database = {
        dbname = ldap:@@@REALM_DCNAME@@@
        realm = @@@REALM_UCNAME@@@
        acl_file = /etc/heimdal-kdc/kadmind.acl
    }