| blob | 57303900dceefb399bd0038399e32b4b6e3d69f6 |
1 # Definitions for a Kerberos V KDC schema
2 #
3 # $Id$
4 #
5 # This version is compatible with OpenLDAP 1.8
6 #
7 # OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
8 #
9 # Syntaxes are under 1.3.6.1.4.1.5322.10.0
10 # Attributes types are under 1.3.6.1.4.1.5322.10.1
11 # Object classes are under 1.3.6.1.4.1.5322.10.2
13 # Syntax definitions
15 #krb5KDCFlagsSyntax SYNTAX ::= {
16 # WITH SYNTAX INTEGER
17 #-- initial(0), -- require as-req
18 #-- forwardable(1), -- may issue forwardable
19 #-- proxiable(2), -- may issue proxiable
20 #-- renewable(3), -- may issue renewable
21 #-- postdate(4), -- may issue postdatable
22 #-- server(5), -- may be server
23 #-- client(6), -- may be client
24 #-- invalid(7), -- entry is invalid
25 #-- require-preauth(8), -- must use preauth
26 #-- change-pw(9), -- change password service
27 #-- require-hwauth(10), -- must use hwauth
28 #-- ok-as-delegate(11), -- as in TicketFlags
29 #-- user-to-user(12), -- may use user-to-user auth
30 #-- immutable(13) -- may not be deleted
31 # ID { 1.3.6.1.4.1.5322.10.0.1 }
32 #}
34 #krb5PrincipalNameSyntax SYNTAX ::= {
35 # WITH SYNTAX OCTET STRING
36 #-- String representations of distinguished names as per RFC1510
37 # ID { 1.3.6.1.4.1.5322.10.0.2 }
38 #}
40 # Attribute type definitions
42 attributetype ( 1.3.6.1.4.1.5322.10.1.1
43 NAME 'krb5PrincipalName'
44 DESC 'The unparsed Kerberos principal name'
45 EQUALITY caseExactIA5Match
46 SINGLE-VALUE
47 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
49 attributetype ( 1.3.6.1.4.1.5322.10.1.2
50 NAME 'krb5KeyVersionNumber'
51 EQUALITY integerMatch
52 SINGLE-VALUE
53 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
55 attributetype ( 1.3.6.1.4.1.5322.10.1.3
56 NAME 'krb5MaxLife'
57 EQUALITY integerMatch
58 SINGLE-VALUE
59 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
61 attributetype ( 1.3.6.1.4.1.5322.10.1.4
62 NAME 'krb5MaxRenew'
63 EQUALITY integerMatch
64 SINGLE-VALUE
65 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
67 attributetype ( 1.3.6.1.4.1.5322.10.1.5
68 NAME 'krb5KDCFlags'
69 EQUALITY integerMatch
70 SINGLE-VALUE
71 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
73 attributetype ( 1.3.6.1.4.1.5322.10.1.6
74 NAME 'krb5EncryptionType'
75 EQUALITY integerMatch
76 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
78 attributetype ( 1.3.6.1.4.1.5322.10.1.7
79 NAME 'krb5ValidStart'
80 EQUALITY generalizedTimeMatch
81 ORDERING generalizedTimeOrderingMatch
82 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
83 SINGLE-VALUE )
85 attributetype ( 1.3.6.1.4.1.5322.10.1.8
86 NAME 'krb5ValidEnd'
87 EQUALITY generalizedTimeMatch
88 ORDERING generalizedTimeOrderingMatch
89 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
90 SINGLE-VALUE )
92 attributetype ( 1.3.6.1.4.1.5322.10.1.9
93 NAME 'krb5PasswordEnd'
94 EQUALITY generalizedTimeMatch
95 ORDERING generalizedTimeOrderingMatch
96 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
97 SINGLE-VALUE )
99 # this is temporary; keys will eventually
100 # be child entries or compound attributes.
101 attributetype ( 1.3.6.1.4.1.5322.10.1.10
102 NAME 'krb5Key'
103 DESC 'Encoded ASN1 Key as an octet string'
104 SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
106 attributetype ( 1.3.6.1.4.1.5322.10.1.11
107 NAME 'krb5PrincipalRealm'
108 DESC 'Distinguished name of krb5Realm entry'
109 SUP distinguishedName )
111 attributetype ( 1.3.6.1.4.1.5322.10.1.12
112 NAME 'krb5RealmName'
113 EQUALITY octetStringMatch
114 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
116 # Object class definitions
118 objectclass ( 1.3.6.1.4.1.5322.10.2.1
119 NAME 'krb5Principal'
120 SUP top
121 AUXILIARY
122 MUST ( krb5PrincipalName )
123 MAY ( cn $ krb5PrincipalRealm ) )
125 objectclass ( 1.3.6.1.4.1.5322.10.2.2
126 NAME 'krb5KDCEntry'
127 SUP krb5Principal
128 AUXILIARY
129 MUST ( krb5KeyVersionNumber )
130 MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
131 krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
132 krb5EncryptionType $ krb5Key ) )
134 objectclass ( 1.3.6.1.4.1.5322.10.2.3
135 NAME 'krb5Realm'
136 SUP top
137 AUXILIARY
138 MUST ( krb5RealmName ) )