[libdefaults]
    dns_lookup_kdc = no
    dns_lookup_realm = no
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    default_realm = sub.holding.com

    # for Windows 2008 with AES
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5

[realms]
    sub.holding.com = {
        kdc = kom-dc01.sub.holding.com
        kdc = kom-dc02.sub.holding.com
        admin_server = kom-dc01.sub.holding.com
        default_domain = sub.holding.com
    }

[domain_realm]
    .sub.holding.com = sub.holding.com
    sub.holding.com = sub.holding.com