[gnome-build-meta/mcatanzaro/krb5] Try to make Kerberos work

[Michael Catanzaro <mcatanzaro src gnome org>]

commit a30691d55b7b5b84419fbeae3c6744c4b84a38bb
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Wed Sep 18 13:49:07 2019 -0500

    Try to make Kerberos work
    
    I don't understand Kerberos, but Rishi kinda does, and he says we need
    to make it use the KCM credential cache to have a chance inside flatpak.
    
    It can be configured at build time, but that's not enough on its own. It
    seems we need to install a krb5.conf.

 elements/sdk/krb5.bst | 6 ++++++
 files/krb5/krb5.conf  | 9 +++++++++
 2 files changed, 15 insertions(+)
---
diff --git a/elements/sdk/krb5.bst b/elements/sdk/krb5.bst
index 76ea230c..da801c68 100644
--- a/elements/sdk/krb5.bst
+++ b/elements/sdk/krb5.bst
@@ -45,6 +45,12 @@ variables:
   conf-local: |
     --disable-rpath --with-system-et --with-system-ss
 
+config:
+  install-commands:
+    (>):
+    - mkdir -p %{install-root}%{sysconfdir}
+    - install -m 644 krb5-config/krb5.conf %{install-root}%{sysconfdir}/krb5.conf
+
 sources:
 - kind: tar
   url: https://kerberos.org/dist/krb5/1.16/krb5-1.16.2.tar.gz
diff --git a/files/krb5/krb5.conf b/files/krb5/krb5.conf
new file mode 100644
index 00000000..62f2d531
--- /dev/null
+++ b/files/krb5/krb5.conf
@@ -0,0 +1,9 @@
+[libdefaults]
+    dns_lookup_realm = false
+    ticket_lifetime = 24h
+    renew_lifetime = 7d
+    forwardable = true
+    rdns = false
+    pkinit_anchors = FILE:/etc/ssl/certs/ca-certificates.crt
+    spake_preauth_groups = edwards25519
+    default_ccache_name = KCM: