9 HDB_DB_FORMAT INTEGER ::= 2 -- format of database,
10 -- update when making changes
12 -- these should have the same value as the pa-* counterparts
13 hdb-pw-salt INTEGER ::= 3
14 hdb-afs3-salt INTEGER ::= 10
22 mkvno[0] INTEGER OPTIONAL, -- master key version number
29 principal[1] Principal OPTIONAL
32 HDBFlags ::= BIT STRING {
33 initial(0), -- require as-req
34 forwardable(1), -- may issue forwardable
35 proxiable(2), -- may issue proxiable
36 renewable(3), -- may issue renewable
37 postdate(4), -- may issue postdatable
38 server(5), -- may be server
39 client(6), -- may be client
40 invalid(7), -- entry is invalid
41 require-preauth(8), -- must use preauth
42 change-pw(9), -- change password service
43 require-hwauth(10), -- must use hwauth
44 ok-as-delegate(11), -- as in TicketFlags
45 user-to-user(12), -- may use user-to-user auth
46 immutable(13) -- may not be deleted
49 hdb_entry ::= SEQUENCE {
50 principal[0] Principal OPTIONAL, -- this is optional only
51 -- for compatibility with libkrb5
53 keys[2] SEQUENCE OF Key,
55 modified-by[4] Event OPTIONAL,
56 valid-start[5] KerberosTime OPTIONAL,
57 valid-end[6] KerberosTime OPTIONAL,
58 pw-end[7] KerberosTime OPTIONAL,
59 max-life[8] INTEGER OPTIONAL,
60 max-renew[9] INTEGER OPTIONAL,
62 etypes[11] SEQUENCE OF INTEGER OPTIONAL