1 # krb5-kdc.schema - Definitions for a Kerberos V KDC schema
3 # $Id: hdb.schema,v 1.3 2000/02/22 21:51:53 lukeh Exp $
4 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 ## Copyright 1998-2003 The OpenLDAP Foundation.
7 ## All rights reserved.
9 ## Redistribution and use in source and binary forms, with or without
10 ## modification, are permitted only as authorized by the OpenLDAP
13 ## A copy of this license is available in the file LICENSE in the
14 ## top-level directory of the distribution or, alternatively, at
15 ## <http://www.OpenLDAP.org/license.html>.
# This schema is not usable as-is: it contains invalid constructs and cannot be
# loaded by a directory server without correction. It is provided to developers
# for informational purposes only; do not deploy it to a production directory.
22 # OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
24 # Syntaxes are under 1.3.6.1.4.1.5322.10.0
25 # Attributes types are under 1.3.6.1.4.1.5322.10.1
26 # Object classes are under 1.3.6.1.4.1.5322.10.2
30 #krb5KDCFlagsSyntax SYNTAX ::= {
32 #-- initial(0), -- require as-req
33 #-- forwardable(1), -- may issue forwardable
34 #-- proxiable(2), -- may issue proxiable
35 #-- renewable(3), -- may issue renewable
36 #-- postdate(4), -- may issue postdatable
37 #-- server(5), -- may be server
38 #-- client(6), -- may be client
39 #-- invalid(7), -- entry is invalid
40 #-- require-preauth(8), -- must use preauth
41 #-- change-pw(9), -- change password service
42 #-- require-hwauth(10), -- must use hwauth
43 #-- ok-as-delegate(11), -- as in TicketFlags
44 #-- user-to-user(12), -- may use user-to-user auth
45 #-- immutable(13) -- may not be deleted
46 # ID { 1.3.6.1.4.1.5322.10.0.1 }
49 #krb5PrincipalNameSyntax SYNTAX ::= {
50 # WITH SYNTAX OCTET STRING
#-- String representations of Kerberos principal names as per RFC 1510
52 # ID { 1.3.6.1.4.1.5322.10.0.2 }
55 # Attribute type definitions
57 attributetype ( 1.3.6.1.4.1.5322.10.1.1
58 NAME 'krb5PrincipalName'
59 DESC 'The unparsed Kerberos principal name'
60 EQUALITY caseExactIA5Match
62 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
64 attributetype ( 1.3.6.1.4.1.5322.10.1.2
65 NAME 'krb5KeyVersionNumber'
68 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
70 attributetype ( 1.3.6.1.4.1.5322.10.1.3
74 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
76 attributetype ( 1.3.6.1.4.1.5322.10.1.4
80 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
82 attributetype ( 1.3.6.1.4.1.5322.10.1.5
86 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
88 attributetype ( 1.3.6.1.4.1.5322.10.1.6
89 NAME 'krb5EncryptionType'
91 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
93 attributetype ( 1.3.6.1.4.1.5322.10.1.7
95 ORDERING generalizedTimeOrderingMatch
96 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
99 attributetype ( 1.3.6.1.4.1.5322.10.1.8
101 ORDERING generalizedTimeOrderingMatch
102 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
105 attributetype ( 1.3.6.1.4.1.5322.10.1.9
106 NAME 'krb5PasswordEnd'
107 ORDERING generalizedTimeOrderingMatch
108 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
# This is temporary; keys will eventually be child entries or compound
# attributes. Note that krb5Key carries the principal's long-term secret key
# material as an ASN.1-encoded octet string, and this schema defines no
# protection for it. Directory ACLs must therefore restrict read, search and
# compare access to this attribute to the KDC and key-management identities
# only: anyone able to read it holds the principal's key.
113 attributetype ( 1.3.6.1.4.1.5322.10.1.10
115 DESC 'Encoded ASN1 Key as an octet string'
116 SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# Back-link from a principal entry to the krb5Realm entry that owns it.
# Declared as a subtype of distinguishedName (SUP), so it inherits the DN
# syntax and matching rules rather than defining its own.
118 attributetype ( 1.3.6.1.4.1.5322.10.1.11
119 NAME 'krb5PrincipalRealm'
120 DESC 'Distinguished name of krb5Realm entry'
121 SUP distinguishedName )
123 attributetype ( 1.3.6.1.4.1.5322.10.1.12
125 EQUALITY octetStringMatch
126 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
128 # Object class definitions
130 objectclass ( 1.3.6.1.4.1.5322.10.2.1
134 MUST ( krb5PrincipalName )
135 MAY ( cn $ krb5PrincipalRealm ) )
# Per-principal KDC data. Only krb5KeyVersionNumber is mandatory; the validity
# and lifetime attributes, krb5KDCFlags, krb5EncryptionType and the key itself
# (krb5Key) are all optional. Because krb5Key holds secret key material,
# read access to entries of this class must be limited by directory ACLs to
# the KDC and key-management identities.
# NOTE(review): the NAME/SUP lines of this object class are not visible here.
137 objectclass ( 1.3.6.1.4.1.5322.10.2.2
141 MUST ( krb5KeyVersionNumber )
142 MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
143 krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
144 krb5EncryptionType $ krb5Key ) )
146 objectclass ( 1.3.6.1.4.1.5322.10.2.3
150 MUST ( krb5RealmName ) )