From 1717d3d86ae24072bea1441c886eedbf9ef0dcd2 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 27 Oct 2009 01:52:14 +0000 Subject: [PATCH] Cleanup prev commits, fix krbPrincStartTime/pwdStartTime distinction --- doc/drafts/draft-chu-ldap-kdc-schema-xx.xml | 44 +++++++++++++-------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/doc/drafts/draft-chu-ldap-kdc-schema-xx.xml b/doc/drafts/draft-chu-ldap-kdc-schema-xx.xml index f6c0a45188..a544ce19b5 100644 --- a/doc/drafts/draft-chu-ldap-kdc-schema-xx.xml +++ b/doc/drafts/draft-chu-ldap-kdc-schema-xx.xml @@ -14,7 +14,7 @@ - + ]> @@ -108,6 +108,8 @@ krbPrincipalName krbPrincipalAliases + krbPrincStartTime + krbPrincEndTime krbTicketMaxLife krbTicketMaxRenewal krbEncSaltTypes @@ -181,7 +183,7 @@ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) - This attribute impelents section 6.1.1.2 of the Information Model. + This attribute implements section 6.1.1.2 of the Information Model. It holds the date the principal becomes valid. @@ -194,7 +196,7 @@ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) - This attribute impelents section 6.1.1.3 of the Information Model. + This attribute implements section 6.1.1.3 of the Information Model. It holds the date the principal becomes invalid. @@ -479,25 +481,13 @@ A number of data elements described in the Information Model are delegated to the LDAP DSA for management. Details of their usage are described here. -
- Section 6.1.1.2 of the Information Model. This corresponds to the - pwdStartTime attribute. If the KDC is using LDAP requests to operate the - Password Policy mechanism then it does not need to reference or manipulate - this attribute directly. -
-
- Section 6.1.1.3 of the Information Model. This corresponds to the - pwdEndTime attribute. If the KDC is using LDAP requests to operate the - Password Policy mechanism then it does not need to reference or manipulate - this attribute directly. -
Section 6.1.1.4 of the Information Model. If the KDC is using LDAP requests to operate the Password Policy mechanism then it does not need to reference or manipulate this attribute directly. Otherwise, this effect is controlled by setting - the pwdStartTime attribute to a value greater than or equal to the - pwdEndTime attribute. + the krbPrincStartTime attribute to a value greater than or equal to the + krbPrincEndTime attribute.
Section 6.1.1.5 of the Information Model. @@ -537,6 +527,26 @@ modifyTimestamp attribute. The KDC does not need to reference or manipulate this attribute directly.
+
+ Section 6.3.1.5 of the Information Model. This corresponds to the + pwdEndTime attribute. If the KDC is using LDAP requests to operate the + Password Policy mechanism then it does not need to reference or manipulate + this attribute directly. +
+
+ Section 6.3.1.6 of the Information Model. This corresponds to the + pwdStartTime attribute. If the KDC is using LDAP requests to operate the + Password Policy mechanism then it does not need to reference or manipulate + this attribute directly. +
+
+ Section 6.3.1.7 of the Information Model. + If the KDC is using LDAP requests to operate the + Password Policy mechanism then it does not need to reference or manipulate + this attribute directly. Otherwise, this effect is controlled by setting + the pwdStartTime attribute to a value greater than or equal to the + pwdEndTime attribute. +
The krbKeySet attribute is multi-valued but it is expected that -- 2.39.5
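Review bot: In the @@ -181 and @@ -194 hunks, the descriptions for sections 6.1.1.2 and 6.1.1.3 say the attribute "holds the date" the principal becomes valid or invalid, but the SYNTAX shown, 1.3.6.1.4.1.1466.115.121.1.24, is Generalized Time, so the value is an instant rather than a calendar date. Suggest "date and time", and stating whether the principal is still valid at the exact end-time instant, since the section 6.1.1.4 text later in this patch relies on comparing the two values.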
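Review bot: In the @@ -479 hunk, the section 6.1.1.4 paragraph now disables the principal by setting krbPrincStartTime greater than or equal to krbPrincEndTime, yet its first sentence still says the KDC need not touch the attribute when it operates the Password Policy mechanism over LDAP. Elsewhere in this patch that mechanism is associated only with pwdStartTime and pwdEndTime, so the condition no longer matches the attributes named in the "Otherwise" clause. Suggest rewording the paragraph to say who evaluates the krbPrinc* validity window, and, if it is the KDC, that the KDC must compare the two attributes itself on every request.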
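Review bot: In the @@ -537 hunk, the added sections map 6.3.1.5 to pwdEndTime and 6.3.1.6 to pwdStartTime, which is end-then-start, the reverse of the order used for 6.1.1.2 and 6.1.1.3; please confirm these section numbers against the Information Model before merging. The 6.3.1.7 paragraph also repeats the section 6.1.1.4 wording almost verbatim with the pwd* pair substituted, so a reader now has two "start >= end" rules with no statement of how they differ. One sentence in each paragraph saying which object is disabled by which pair would keep implementers from setting the wrong pair.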