2 # $Id: hdb.schema,v 1.3 2000/02/22 21:51:53 lukeh Exp $
3 # Definitions for a Kerberos V KDC schema
6 # This schema is not usable as it contains invalid constructs.
7 # It is provided for informational purposes only.
10 # OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
12 # Syntaxes are under 1.3.6.1.4.1.5322.10.0
13 # Attribute types are under 1.3.6.1.4.1.5322.10.1
14 # Object classes are under 1.3.6.1.4.1.5322.10.2
18 #krb5KDCFlagsSyntax SYNTAX ::= {
20 #-- initial(0), -- require as-req
21 #-- forwardable(1), -- may issue forwardable
22 #-- proxiable(2), -- may issue proxiable
23 #-- renewable(3), -- may issue renewable
24 #-- postdate(4), -- may issue postdatable
25 #-- server(5), -- may be server
26 #-- client(6), -- may be client
27 #-- invalid(7), -- entry is invalid
28 #-- require-preauth(8), -- must use preauth
29 #-- change-pw(9), -- change password service
30 #-- require-hwauth(10), -- must use hwauth
31 #-- ok-as-delegate(11), -- as in TicketFlags
32 #-- user-to-user(12), -- may use user-to-user auth
33 #-- immutable(13) -- may not be deleted
34 # ID { 1.3.6.1.4.1.5322.10.0.1 }
37 #krb5PrincipalNameSyntax SYNTAX ::= {
38 # WITH SYNTAX OCTET STRING
39 #-- String representations of distinguished names as per RFC1510
40 # ID { 1.3.6.1.4.1.5322.10.0.2 }
43 # Attribute type definitions
# Attribute types for Kerberos principal and KDC data, all allocated under the
# 1.3.6.1.4.1.5322.10.1 arc. The number at the start of each line is the
# listing's own line number; the gaps in that numbering suggest some lines of
# several definitions (NAME, EQUALITY, closing parenthesis) are not shown here.
#
# krb5PrincipalName: IA5 String syntax (...121.1.26) compared with
# caseExactIA5Match, so principals differing only in case are distinct values.
45 attributetype ( 1.3.6.1.4.1.5322.10.1.1
46 NAME 'krb5PrincipalName'
47 DESC 'The unparsed Kerberos principal name'
48 EQUALITY caseExactIA5Match
50 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# krb5KeyVersionNumber: Integer syntax (...121.1.27).
52 attributetype ( 1.3.6.1.4.1.5322.10.1.2
53 NAME 'krb5KeyVersionNumber'
56 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# OIDs .3, .4 and .5: Integer syntax; their NAME lines are not visible in this
# listing, so which attribute each OID defines cannot be confirmed from here.
58 attributetype ( 1.3.6.1.4.1.5322.10.1.3
62 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
64 attributetype ( 1.3.6.1.4.1.5322.10.1.4
68 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
70 attributetype ( 1.3.6.1.4.1.5322.10.1.5
74 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# krb5EncryptionType: Integer syntax (...121.1.27).
76 attributetype ( 1.3.6.1.4.1.5322.10.1.6
77 NAME 'krb5EncryptionType'
79 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# OIDs .7, .8 and .9: Generalized Time syntax (...121.1.24) with
# generalizedTimeOrderingMatch, which allows range comparisons on the value.
# Only .9 shows its NAME (krb5PasswordEnd); the closing parenthesis of each
# definition is not visible in this listing.
81 attributetype ( 1.3.6.1.4.1.5322.10.1.7
83 ORDERING generalizedTimeOrderingMatch
84 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
87 attributetype ( 1.3.6.1.4.1.5322.10.1.8
89 ORDERING generalizedTimeOrderingMatch
90 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
93 attributetype ( 1.3.6.1.4.1.5322.10.1.9
94 NAME 'krb5PasswordEnd'
95 ORDERING generalizedTimeOrderingMatch
96 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
# OID .10 stores an encoded key as a Binary-syntax value (...121.1.5); the NAME
# line is not shown, presumably krb5Key as listed in an object class below.
# NOTE(review): this is key material held directly in the directory. Restrict
# read and write access to this attribute in the server's access control
# configuration, and make sure any transport or replication path that carries
# it is encrypted and authenticated.
99 # this is temporary; keys will eventually
100 # be child entries or compound attributes.
101 attributetype ( 1.3.6.1.4.1.5322.10.1.10
103 DESC 'Encoded ASN1 Key as an octet string'
104 SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# krb5PrincipalRealm: inherits syntax and matching from distinguishedName and
# points at the krb5Realm entry the principal belongs to.
106 attributetype ( 1.3.6.1.4.1.5322.10.1.11
107 NAME 'krb5PrincipalRealm'
108 DESC 'Distinguished name of krb5Realm entry'
109 SUP distinguishedName )
# OID .12: Octet String syntax (...121.1.40) with a {128} length bound and
# octetStringMatch equality; the NAME line is not visible in this listing.
111 attributetype ( 1.3.6.1.4.1.5322.10.1.12
113 EQUALITY octetStringMatch
114 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
116 # Object class definitions
# Object classes under the 1.3.6.1.4.1.5322.10.2 arc. The NAME, SUP and kind
# lines of each class are not visible in this listing (the line numbering
# skips them), so the class names are not stated here.
#
# OID .2.1: every entry must carry krb5PrincipalName; cn and
# krb5PrincipalRealm are optional.
118 objectclass ( 1.3.6.1.4.1.5322.10.2.1
122 MUST ( krb5PrincipalName )
123 MAY ( cn $ krb5PrincipalRealm ) )
# OID .2.2: requires krb5KeyVersionNumber and may carry validity and lifetime
# limits, krb5KDCFlags, krb5EncryptionType and krb5Key.
# NOTE(review): entries of this class combine key material (krb5Key) with
# policy (krb5KDCFlags; the flag list in the file header includes
# require-preauth and invalid). Write access to these attributes should be
# limited to the KDC administration identity, and read access to krb5Key
# denied to ordinary directory clients.
125 objectclass ( 1.3.6.1.4.1.5322.10.2.2
129 MUST ( krb5KeyVersionNumber )
130 MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
131 krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
132 krb5EncryptionType $ krb5Key ) )
# OID .2.3: requires krb5RealmName; no optional attributes are listed.
134 objectclass ( 1.3.6.1.4.1.5322.10.2.3
138 MUST ( krb5RealmName ) )