| blob | f31d9b3125dad61513ecd168a24af9937191121a |
1 -- $Id$
2 HDB DEFINITIONS ::=
3 BEGIN
5 EncryptionKey EXTERNAL
6 KerberosTime EXTERNAL
7 Principal EXTERNAL
9 HDB_DB_FORMAT INTEGER ::= 2 -- format of database,
10 -- update when making changes
12 -- these should have the same value as the pa-* counterparts
13 hdb-pw-salt INTEGER ::= 3
14 hdb-afs3-salt INTEGER ::= 10
16 Salt ::= SEQUENCE {
17 type[0] INTEGER,
18 salt[1] OCTET STRING
19 }
21 Key ::= SEQUENCE {
22 mkvno[0] INTEGER OPTIONAL, -- master key version number
23 key[1] EncryptionKey,
24 salt[2] Salt OPTIONAL
25 }
27 Event ::= SEQUENCE {
28 time[0] KerberosTime,
29 principal[1] Principal OPTIONAL
30 }
32 HDBFlags ::= BIT STRING {
33 initial(0), -- require as-req
34 forwardable(1), -- may issue forwardable
35 proxiable(2), -- may issue proxiable
36 renewable(3), -- may issue renewable
37 postdate(4), -- may issue postdatable
38 server(5), -- may be server
39 client(6), -- may be client
40 invalid(7), -- entry is invalid
41 require-preauth(8), -- must use preauth
42 change-pw(9), -- change password service
43 require-hwauth(10), -- must use hwauth
44 ok-as-delegate(11), -- as in TicketFlags
45 user-to-user(12), -- may use user-to-user auth
46 immutable(13) -- may not be deleted
47 }
49 hdb_entry ::= SEQUENCE {
50 principal[0] Principal OPTIONAL, -- this is optional only
51 -- for compatibility with libkrb5
52 kvno[1] INTEGER,
53 keys[2] SEQUENCE OF Key,
54 created-by[3] Event,
55 modified-by[4] Event OPTIONAL,
56 valid-start[5] KerberosTime OPTIONAL,
57 valid-end[6] KerberosTime OPTIONAL,
58 pw-end[7] KerberosTime OPTIONAL,
59 max-life[8] INTEGER OPTIONAL,
60 max-renew[9] INTEGER OPTIONAL,
61 flags[10] HDBFlags,
62 etypes[11] SEQUENCE OF INTEGER OPTIONAL
63 }
65 END