      1 # Definitions for a Kerberos V KDC schema
      2 #
      3 # Id
      4 #
      5 # This version is compatible with OpenLDAP 1.8
      6 #
      7 # OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
      8 #
      9 # Syntaxes are under 1.3.6.1.4.1.5322.10.0
     10 # Attribute types are under 1.3.6.1.4.1.5322.10.1
     11 # Object classes are under 1.3.6.1.4.1.5322.10.2
     12 
     13 # Syntax definitions
     14 
     15 #krb5KDCFlagsSyntax SYNTAX ::= {
     16 #   WITH SYNTAX            INTEGER
     17 #--        initial(0),             -- require as-req
     18 #--        forwardable(1),         -- may issue forwardable
     19 #--        proxiable(2),           -- may issue proxiable
     20 #--        renewable(3),           -- may issue renewable
     21 #--        postdate(4),            -- may issue postdatable
     22 #--        server(5),              -- may be server
     23 #--        client(6),              -- may be client
     24 #--        invalid(7),             -- entry is invalid
     25 #--        require-preauth(8),     -- must use preauth
     26 #--        change-pw(9),           -- change password service
     27 #--        require-hwauth(10),     -- must use hwauth
     28 #--        ok-as-delegate(11),     -- as in TicketFlags
     29 #--        user-to-user(12),       -- may use user-to-user auth
     30 #--        immutable(13)           -- may not be deleted         
     31 #   ID                     { 1.3.6.1.4.1.5322.10.0.1 }
     32 #}
     33 
     34 #krb5PrincipalNameSyntax SYNTAX ::= {
     35 #   WITH SYNTAX            OCTET STRING
     36 #-- String representations of distinguished names as per RFC1510
     37 #   ID                     { 1.3.6.1.4.1.5322.10.0.2 }
     38 #}
     39 
     40 # Attribute type definitions
     41  
     42 attributetype ( 1.3.6.1.4.1.5322.10.1.1
     43 	NAME 'krb5PrincipalName'
     44 	DESC 'The unparsed Kerberos principal name'
     45 	EQUALITY caseExactIA5Match
     46 	SINGLE-VALUE
     47 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
     48 
     49 attributetype ( 1.3.6.1.4.1.5322.10.1.2
     50 	NAME 'krb5KeyVersionNumber'
     51 	EQUALITY integerMatch
     52 	SINGLE-VALUE
     53 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
     54 
     55 attributetype ( 1.3.6.1.4.1.5322.10.1.3
     56 	NAME 'krb5MaxLife'
     57 	EQUALITY integerMatch
     58 	SINGLE-VALUE
     59 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
     60 
     61 attributetype ( 1.3.6.1.4.1.5322.10.1.4
     62 	NAME 'krb5MaxRenew'
     63 	EQUALITY integerMatch
     64 	SINGLE-VALUE
     65 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
     66 
     67 attributetype ( 1.3.6.1.4.1.5322.10.1.5
     68 	NAME 'krb5KDCFlags'
     69 	EQUALITY integerMatch
     70 	SINGLE-VALUE
     71 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
     72 
     73 attributetype ( 1.3.6.1.4.1.5322.10.1.6
     74 	NAME 'krb5EncryptionType'
     75 	EQUALITY integerMatch
     76 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
     77 
     78 attributetype ( 1.3.6.1.4.1.5322.10.1.7
     79 	NAME 'krb5ValidStart'
     80 	EQUALITY generalizedTimeMatch
     81 	ORDERING generalizedTimeOrderingMatch
     82 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
     83 	SINGLE-VALUE )
     84 
     85 attributetype ( 1.3.6.1.4.1.5322.10.1.8
     86 	NAME 'krb5ValidEnd'
     87 	EQUALITY generalizedTimeMatch
     88 	ORDERING generalizedTimeOrderingMatch
     89 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
     90 	SINGLE-VALUE )
     91 
     92 attributetype ( 1.3.6.1.4.1.5322.10.1.9
     93 	NAME 'krb5PasswordEnd'
     94 	EQUALITY generalizedTimeMatch
     95 	ORDERING generalizedTimeOrderingMatch
     96 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
     97 	SINGLE-VALUE )
     98 
     99 # This is temporary; keys will eventually be stored
    100 # as child entries or compound attributes.
    101 attributetype ( 1.3.6.1.4.1.5322.10.1.10
    102 	NAME 'krb5Key'
    103 	DESC 'Encoded ASN1 Key as an octet string'
    104 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
    105 
    106 attributetype ( 1.3.6.1.4.1.5322.10.1.11
    107 	NAME 'krb5PrincipalRealm'
    108 	DESC 'Distinguished name of krb5Realm entry'
    109 	SUP distinguishedName )
    110 
    111 attributetype ( 1.3.6.1.4.1.5322.10.1.12
    112 	NAME 'krb5RealmName'
    113 	EQUALITY octetStringMatch
    114 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
    115 
    116 attributetype ( 1.3.6.1.4.1.5322.10.1.13
    117 	NAME 'krb5ExtendedAttributes'
    118 	DESC 'Encoded ASN1 HDB Extension Attributes as an octet string'
    119 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
    120 
    121 # Object class definitions
    122 
    123 objectclass ( 1.3.6.1.4.1.5322.10.2.1
    124 	NAME 'krb5Principal'
    125 	SUP top
    126 	AUXILIARY
    127 	MUST ( krb5PrincipalName )
    128 	MAY ( cn $ krb5PrincipalRealm ) )
    129 
    130 objectclass ( 1.3.6.1.4.1.5322.10.2.2
    131 	NAME 'krb5KDCEntry'
    132 	SUP krb5Principal
    133 	AUXILIARY
    134 	MUST ( krb5KeyVersionNumber )
    135 	MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
    136               krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
    137               krb5EncryptionType $ krb5Key $ krb5ExtendedAttributes ) )
    138 
    139 objectclass ( 1.3.6.1.4.1.5322.10.2.3
    140 	NAME 'krb5Realm'
    141 	SUP top
    142 	AUXILIARY
    143 	MUST ( krb5RealmName ) )
    144 
    145