-- $Id: hdb.asn1,v 1.1 2011/04/13 18:14:42 elric Exp $
HDB DEFINITIONS ::=
BEGIN

-- Types shared with the Kerberos protocol module; their encoding is
-- defined there, not here.
IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;

-- Version of the database record format.  Any change to the types
-- below that alters the encoding (new non-extensible components,
-- changed tags, reordered components) must be accompanied by a bump of
-- this value.
HDB_DB_FORMAT INTEGER ::= 2     -- format of database,
                                -- update when making changes

-- Salt-type identifiers.  These must have the same value as the pa-*
-- counterparts (the pre-authentication salt types); the values are
-- compared numerically, so they may not drift apart.
hdb-pw-salt     INTEGER ::= 3
hdb-afs3-salt   INTEGER ::= 10

-- Salt used when a key was derived from a password.
--   type    salt type, e.g. one of the hdb-*-salt values above
--   salt    the salt bytes
--   opaque  extra, salt-type-specific data; absent for most types
--           (NOTE(review): its interpretation is up to the code that
--           handles the given type — confirm against the consumer)
Salt ::= SEQUENCE {
        type[0]         INTEGER (0..4294967295),
        salt[1]         OCTET STRING,
        opaque[2]       OCTET STRING OPTIONAL
}

-- One long-term key of a principal.
--   mkvno   version number of the master key this key is protected
--           with.  NOTE(review): presumably an absent mkvno means the
--           key material is stored unprotected — confirm against the
--           HDB key read/write code before relying on it.
--   key     enctype and key material (EncryptionKey from krb5)
--   salt    the salt the key was derived with; absent when no salt
--           information was recorded
Key ::= SEQUENCE {
        mkvno[0]        INTEGER (0..4294967295) OPTIONAL, -- master key version number
        key[1]          EncryptionKey,
        salt[2]         Salt OPTIONAL
}

-- Audit record: when something happened and, if known, which principal
-- caused it.  Used for created-by / modified-by in hdb_entry.
Event ::= SEQUENCE {
        time[0]         KerberosTime,
        principal[1]    Principal OPTIONAL
}

-- Per-principal policy flags consulted by the KDC.  Named bits: bit
-- positions are part of the stored encoding, so existing numbers must
-- never be renumbered; new flags get the next free position.
HDBFlags ::= BIT STRING {
        initial(0),                     -- require as-req
        forwardable(1),                 -- may issue forwardable
        proxiable(2),                   -- may issue proxiable
        renewable(3),                   -- may issue renewable
        postdate(4),                    -- may issue postdatable
        server(5),                      -- may be server
        client(6),                      -- may be client
        invalid(7),                     -- entry is invalid
        require-preauth(8),             -- must use preauth
        change-pw(9),                   -- change password service
        require-hwauth(10),             -- must use hwauth
        ok-as-delegate(11),             -- as in TicketFlags
        user-to-user(12),               -- may use user-to-user auth
        immutable(13),                  -- may not be deleted
        trusted-for-delegation(14),     -- trusted to print forwardable tickets
        allow-kerberos4(15),            -- allow Kerberos 4 requests
        allow-digest(16),               -- allow digest requests
        locked-out(17)                  -- account is locked out,
                                        -- authentication will be denied
}

-- Change counter for an entry: a timestamp with microsecond resolution
-- plus a generation number.
GENERATION ::= SEQUENCE {
        time[0]         KerberosTime,                   -- timestamp
        usec[1]         INTEGER (0..4294967295),        -- microseconds
        gen[2]          INTEGER (0..4294967295)         -- generation number
}

-- PKINIT access control list: each element names a certificate subject
-- and, optionally, the issuer and trust anchor it must chain to.
-- NOTE(review): presumably a client certificate matching an element
-- may authenticate as this principal — this list therefore widens who
-- can act as the principal and should be treated as security-sensitive
-- configuration; confirm the matching rules in the PKINIT code.
HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE {
        subject[0]      UTF8String,
        issuer[1]       UTF8String OPTIONAL,
        anchor[2]       UTF8String OPTIONAL
}

-- Binds the principal to specific certificates by digest: the digest
-- algorithm (OID) and the digest value.
HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE {
        digest-type[0]  OBJECT IDENTIFIER,
        digest[1]       OCTET STRING
}

-- Binds the principal to specific certificates stored in full.
-- NOTE(review): the OCTET STRING is presumably the DER-encoded
-- certificate — confirm against the code that fills it.
HDB-Ext-PKINIT-cert ::= SEQUENCE OF SEQUENCE {
        cert[0]         OCTET STRING
}

-- Principals this entry is allowed to delegate to (see the
-- allowed-to-delegate-to alternative of HDB-extension below).  Adding a
-- principal here grants the entry delegation rights, so changes to it
-- are privilege changes.
HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal

-- Reserved; the referral extension was never defined here (see the
-- commented-out alternative [3] in HDB-extension).
-- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA

-- LAN Manager one-way-function (password hash) for the principal.
-- NOTE(review): this is a legacy, weak credential format; storing it
-- increases what a database compromise exposes, so it should only be
-- present where it is actually needed.
HDB-Ext-Lan-Manager-OWF ::= OCTET STRING

-- The principal's password itself.
--   mkvno     master key version number; NOTE(review): presumably the
--             password is protected with that master key when mkvno is
--             present — confirm against the HDB code.
--   password  untagged: the universal OCTET STRING tag is distinct from
--             context tag [0], so the OPTIONAL mkvno stays unambiguous.
HDB-Ext-Password ::= SEQUENCE {
        mkvno[0]        INTEGER (0..4294967295) OPTIONAL, -- master key version number
        password        OCTET STRING
}

-- All names of the principal, including the primary one.
HDB-Ext-Aliases ::= SEQUENCE {
        case-insensitive[0]     BOOLEAN,                -- case insensitive name allowed
        aliases[1]              SEQUENCE OF Principal   -- all names, inc primary
}


-- One extension attached to an entry.
--   mandatory  if TRUE a KDC that does not understand the extension
--              must reject the whole entry rather than ignore the
--              extension — this is what keeps security-relevant data
--              (ACLs, delegation lists) from being silently dropped by
--              older code.
--   data       the extension payload; the CHOICE is extensible (...)
--              so unknown alternatives can appear in newer databases.
-- Alternative [3] is reserved for referral info and must not be reused.
HDB-extension ::= SEQUENCE {
        mandatory[0]    BOOLEAN, -- kdc MUST understand this extension,
                                 -- if not the whole entry must
                                 -- be rejected
        data[1]         CHOICE {
                pkinit-acl[0]                   HDB-Ext-PKINIT-acl,
                pkinit-cert-hash[1]             HDB-Ext-PKINIT-hash,
                allowed-to-delegate-to[2]       HDB-Ext-Constrained-delegation-acl,
--              referral-info[3]                HDB-Ext-Referrals,
                lm-owf[4]                       HDB-Ext-Lan-Manager-OWF,
                password[5]                     HDB-Ext-Password,
                aliases[6]                      HDB-Ext-Aliases,
                last-pw-change[7]               KerberosTime,
                pkinit-cert[8]                  HDB-Ext-PKINIT-cert,
                ...
        },
        ...
}

-- List of extensions attached to an entry.
HDB-extensions ::= SEQUENCE OF HDB-extension

-- A key version together with its keys.  The tags are deliberately out
-- of numeric order; components of a SEQUENCE are encoded in the order
-- written (kvno first, then keys), so do not "fix" the order — that
-- would change the stored encoding.
hdb_keyset ::= SEQUENCE {
        kvno[1]         INTEGER (0..4294967295),
        keys[0]         SEQUENCE OF Key
}

-- A principal's database record.
--   principal    optional only for libkrb5 compatibility (see comment)
--   kvno         current key version number
--   keys         the current keys (one per enctype/salt combination)
--   created-by   who created the entry and when
--   modified-by  who last modified it and when, if ever modified
--   valid-start  entry not usable before this time, if present
--   valid-end    entry not usable after this time, if present
--   pw-end       password expiry time, if present
--   max-life     upper bound on ticket lifetime, if present
--                (NOTE(review): unit not stated here — presumably
--                seconds, confirm against the KDC)
--   max-renew    upper bound on renewable lifetime, same caveat
--   flags        HDBFlags policy bits; not OPTIONAL, every entry has them
--   etypes       enctypes for this principal, if restricted
--   generation   change counter, if maintained
--   extensions   extensions; see HDB-extension for the mandatory rule
hdb_entry ::= SEQUENCE {
        principal[0]    Principal OPTIONAL, -- this is optional only
                                            -- for compatibility with libkrb5
        kvno[1]         INTEGER (0..4294967295),
        keys[2]         SEQUENCE OF Key,
        created-by[3]   Event,
        modified-by[4]  Event OPTIONAL,
        valid-start[5]  KerberosTime OPTIONAL,
        valid-end[6]    KerberosTime OPTIONAL,
        pw-end[7]       KerberosTime OPTIONAL,
        max-life[8]     INTEGER (0..4294967295) OPTIONAL,
        max-renew[9]    INTEGER (0..4294967295) OPTIONAL,
        flags[10]       HDBFlags,
        etypes[11]      SEQUENCE OF INTEGER (0..4294967295) OPTIONAL,
        generation[12]  GENERATION OPTIONAL,
        extensions[13]  HDB-extensions OPTIONAL
}

-- Alias record.  The [APPLICATION 0] tag makes it distinguishable from
-- an hdb_entry (a plain SEQUENCE) when a stored value is decoded.
-- NOTE(review): presumably the principal named here is the canonical
-- entry the alias refers to — confirm against the lookup code.
hdb_entry_alias ::= [APPLICATION 0] SEQUENCE {
        principal[0]    Principal OPTIONAL
}

END