Add krbPrincStartTime/EndTime
authorHoward Chu <hyc@openldap.org>
Tue, 27 Oct 2009 01:16:17 +0000 (01:16 +0000)
committerHoward Chu <hyc@openldap.org>
Tue, 27 Oct 2009 01:16:17 +0000 (01:16 +0000)
doc/drafts/draft-chu-ldap-kdc-schema-xx.xml

index 05fc1ac055375c681accea6a72d58634da29ef27..1477934a842da180e552921f331dd686cd786ed8 100644 (file)
       <figure>
         <artwork>
   ( KRBATTR.3
+                NAME 'krbPrincStartTime'
+                EQUALITY generalizedTimeMatch
+                ORDERING generalizedTimeOrderingMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+        </artwork></figure>
+       This attribute impelents section 6.1.1.2 of the Information Model.
+       It holds the date the principal becomes valid.
+       </t>
+       <t>
+      <figure>
+        <artwork>
+  ( KRBATTR.4
+                NAME 'krbPrincEndTime'
+                EQUALITY generalizedTimeMatch
+                ORDERING generalizedTimeOrderingMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+        </artwork></figure>
+       This attribute impelents section 6.1.1.3 of the Information Model.
+       It holds the date the principal becomes invalid.
+       </t>
+       <t>
+      <figure>
+        <artwork>
+  ( KRBATTR.5
                 NAME 'krbTicketMaxLife'
                 EQUALITY integerMatch
                ORDERING integerOrderingMatch
        <t>
       <figure>
         <artwork>
-  ( KRBATTR.4
+  ( KRBATTR.6
                 NAME 'krbTicketMaxRenewal'
                 EQUALITY integerMatch
                ORDERING integerOrderingMatch
        <t>
       <figure>
         <artwork>
-  ( KRBATTR.5
+  ( KRBATTR.7
                 NAME 'krbEncSaltTypes'
                 EQUALITY caseIgnoreMatch
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
        Holds the allowed encryption/salt type combinations for this principal.
        If empty or absent any combination supported by the implementation is allowed.
        <vspace/>
-       Note that sections 6.1.1.2 thru 6.1.1.10 are implemented using the
+       Note that sections 6.1.1.4 thru 6.1.1.10 are implemented using the
        LDAP Password Policy schema.
        </t>
        <t>
       <figure>
         <artwork>
-  ( KRBATTR.6
+  ( KRBATTR.8
                 NAME 'krbRealmName'
                 EQUALITY octetStringMatch
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
       </figure>
       <figure>
         <artwork>
-  ( KRBATTR.7
+  ( KRBATTR.9
                 NAME 'krbPrincipalRealm'
                DESC 'DN of krbRealm entry'
                SUP distinguishedName )
        <t>
       <figure>
         <artwork>
-  ( KRBATTR.8
+  ( KRBATTR.10
                 NAME 'krbKeyVersion'
                 EQUALITY integerMatch
-               ORDERING integerOrderingMatch
+               ORDERING integerOrderingMatch
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-               SINGLE-VALUE )
+               SINGLE-VALUE )
         </artwork>
       </figure>
        This attribute implements section 6.2.1.1 of the Information Model.
        <t>
       <figure>
         <artwork>
-  ( KRBATTR.9
+  ( KRBATTR.11
                 NAME 'krbKeySet'
                 EQUALITY octetStringMatch
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
        <t>
       <figure>
         <artwork>
-  ( KRBATTR.10
+  ( KRBATTR.12
                 NAME 'krbTicketPolicy'
                 EQUALITY integerMatch
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        <t>
       <figure>
         <artwork>
-  ( KRBATTR.11
+  ( KRBATTR.13
                 NAME 'krbExtraData'
                 EQUALITY octetStringMatch
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
        but may be useful in some deployments.
       <figure>
         <artwork>
-  ( KRBATTR.12
+  ( KRBATTR.14
                 NAME 'krbPrincNamingAttr'
                 EQUALITY objectIdentifierMatch
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
        newly created principal entries.
       <figure>
         <artwork>
-  ( KRBATTR.13
+  ( KRBATTR.15
                 NAME 'krbPrincContainer'
                DESC 'DN of container entry for principals'
                SUP distinguishedName
        new principal entries will be created.
       <figure>
         <artwork>
-  ( KRBATTR.14
+  ( KRBATTR.16
                 NAME 'krbPwdPolicy'
                DESC 'DN of password policy subentry'
                SUP distinguishedName
        informational purposes.
       <figure>
         <artwork>
-  ( KRBATTR.15
+  ( KRBATTR.17
                 NAME 'krbLDAPURI'
                DESC 'LDAP search parameters for locating principals'
                SUP labeledURI )
         <artwork>
   ( KRBOC.2 NAME 'krbPrincipal' SUP krbKDCInfo AUXILIARY
       MUST ( krbPrincipalName )
-      MAY ( krbPrincipalAliases $ krbPrincipalRealm $ 
+      MAY ( krbPrincipalAliases $ krbPrincipalRealm $
+            krbPrincStartTime $ krbPrincEndTime $
        krbExtraData ) )
        </artwork>
        </figure>
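Review bot: Inserting krbPrincStartTime and krbPrincEndTime at KRBATTR.3 and KRBATTR.4 moves every later attribute (krbTicketMaxLife through krbLDAPURI) to a new arc, so a directory that loaded an earlier revision of this schema would see the same OID name a different attribute. Unless the arcs are deliberately kept in Information Model order while the draft is unpublished, appending the two new types as `KRBATTR.16` and `KRBATTR.17` would leave the existing assignments stable. The new descriptions say only that the attribute holds "the date" the principal becomes valid or invalid, although the syntax is GeneralizedTime and the value gates authentication. The text should state how a KDC treats an absent value and the boundary instant, for example `If absent, no start (or end) limit applies; comparisons use the full GeneralizedTime value.` Both added paragraphs also misspell the verb: `This attribute impelents section` should read `This attribute implements section`, as the krbKeyVersion paragraph already does.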