2 # $Id: hdb.schema,v 1.3 2000/02/22 21:51:53 lukeh Exp $
3 # Definitions for a Kerberos V KDC schema
5 # OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
7 # Syntaxes are under 1.3.6.1.4.1.5322.10.0
8 # Attribute types are under 1.3.6.1.4.1.5322.10.1
9 # Object classes are under 1.3.6.1.4.1.5322.10.2
13 #krb5KDCFlagsSyntax SYNTAX ::= {
15 #-- initial(0), -- require as-req
16 #-- forwardable(1), -- may issue forwardable
17 #-- proxiable(2), -- may issue proxiable
18 #-- renewable(3), -- may issue renewable
19 #-- postdate(4), -- may issue postdatable
20 #-- server(5), -- may be server
21 #-- client(6), -- may be client
22 #-- invalid(7), -- entry is invalid
23 #-- require-preauth(8), -- must use preauth
24 #-- change-pw(9), -- change password service
25 #-- require-hwauth(10), -- must use hwauth
26 #-- ok-as-delegate(11), -- as in TicketFlags
27 #-- user-to-user(12), -- may use user-to-user auth
28 #-- immutable(13) -- may not be deleted
29 # ID { 1.3.6.1.4.1.5322.10.0.1 }
32 #krb5PrincipalNameSyntax SYNTAX ::= {
33 # WITH SYNTAX OCTET STRING
34 #-- String representations of distinguished names as per RFC1510
35 # ID { 1.3.6.1.4.1.5322.10.0.2 }
38 # Attribute type definitions
40 attributetype ( 1.3.6.1.4.1.5322.10.1.1
41 NAME 'krb5PrincipalName'
42 DESC 'The unparsed Kerberos principal name'
43 EQUALITY caseExactIA5Match
45 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
47 attributetype ( 1.3.6.1.4.1.5322.10.1.2
48 NAME 'krb5KeyVersionNumber'
51 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
53 attributetype ( 1.3.6.1.4.1.5322.10.1.3
57 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
59 attributetype ( 1.3.6.1.4.1.5322.10.1.4
63 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
65 attributetype ( 1.3.6.1.4.1.5322.10.1.5
69 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
71 attributetype ( 1.3.6.1.4.1.5322.10.1.6
72 NAME 'krb5EncryptionType'
74 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
76 attributetype ( 1.3.6.1.4.1.5322.10.1.7
78 ORDERING generalizedTimeOrderingMatch
79 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
82 attributetype ( 1.3.6.1.4.1.5322.10.1.8
84 ORDERING generalizedTimeOrderingMatch
85 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
88 attributetype ( 1.3.6.1.4.1.5322.10.1.9
89 NAME 'krb5PasswordEnd'
90 ORDERING generalizedTimeOrderingMatch
91 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
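94 # This is temporary; keys will eventually
95 # be child entries or compound attributes. Until then, the attribute below stores encoded Kerberos key material in the principal's entry, so restrict read and write access to it with directory ACLs.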
96 attributetype ( 1.3.6.1.4.1.5322.10.1.10
98 DESC 'Encoded ASN1 Key as an octet string'
99 SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
101 attributetype ( 1.3.6.1.4.1.5322.10.1.11
102 NAME 'krb5PrincipalRealm'
103 DESC 'Distinguished name of krb5Realm entry'
104 SUP distinguishedName )
106 attributetype ( 1.3.6.1.4.1.5322.10.1.12
108 EQUALITY octetStringMatch
109 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
111 # Object class definitions
113 objectclass ( 1.3.6.1.4.1.5322.10.2.1
117 MUST ( krb5PrincipalName )
118 MAY ( cn $ krb5PrincipalRealm ) )
120 objectclass ( 1.3.6.1.4.1.5322.10.2.2
124 MUST ( krb5KeyVersionNumber )
125 MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
126 krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
127 krb5EncryptionType $ krb5Key ) )
129 objectclass ( 1.3.6.1.4.1.5322.10.2.3
133 MUST ( krb5RealmName ) )