# Definitions for a Kerberos V KDC schema
#
# Id
#
# This version is compatible with OpenLDAP 1.8
#
# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
#
# Syntaxes are under 1.3.6.1.4.1.5322.10.0
# Attribute types are under 1.3.6.1.4.1.5322.10.1
# Object classes are under 1.3.6.1.4.1.5322.10.2
#
# Security note: a schema only declares attribute and class shapes; it does
# not restrict who may read or write them. Several attributes below hold key
# material or per-principal policy, so access must be limited by the directory
# server's own access-control configuration.

# Syntax definitions
#
# Both definitions in this section are commented out, so this file defines no
# custom syntaxes; the attribute types further down use standard syntax OIDs.
# NOTE(review): the numbered names under krb5KDCFlagsSyntax are presumably the
# bit positions packed into the krb5KDCFlags integer -- confirm against the KDC
# backend that reads this schema.

#krb5KDCFlagsSyntax SYNTAX ::= {
#   WITH SYNTAX INTEGER
#-- initial(0),             -- require as-req
#-- forwardable(1),         -- may issue forwardable
#-- proxiable(2),           -- may issue proxiable
#-- renewable(3),           -- may issue renewable
#-- postdate(4),            -- may issue postdatable
#-- server(5),              -- may be server
#-- client(6),              -- may be client
#-- invalid(7),             -- entry is invalid
#-- require-preauth(8),     -- must use preauth
#-- change-pw(9),           -- change password service
#-- require-hwauth(10),     -- must use hwauth
#-- ok-as-delegate(11),     -- as in TicketFlags
#-- user-to-user(12),       -- may use user-to-user auth
#-- immutable(13)           -- may not be deleted
#   ID { 1.3.6.1.4.1.5322.10.0.1 }
#}

#krb5PrincipalNameSyntax SYNTAX ::= {
#   WITH SYNTAX OCTET STRING
#-- String representations of distinguished names as per RFC1510
#   ID { 1.3.6.1.4.1.5322.10.0.2 }
#}

# Attribute type definitions

# Principal name stored as an IA5 string and compared case-sensitively
# (caseExactIA5Match); at most one value per entry.
attributetype ( 1.3.6.1.4.1.5322.10.1.1
    NAME 'krb5PrincipalName'
    DESC 'The unparsed Kerberos principal name'
    EQUALITY caseExactIA5Match
    SINGLE-VALUE
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Integer, single-valued.
# NOTE(review): presumably the version number of the keys held in krb5Key --
# confirm against the KDC backend.
attributetype ( 1.3.6.1.4.1.5322.10.1.2
    NAME 'krb5KeyVersionNumber'
    EQUALITY integerMatch
    SINGLE-VALUE
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Integer, single-valued. The unit is not stated in this file.
# NOTE(review): presumably a ticket lifetime in seconds -- confirm.
attributetype ( 1.3.6.1.4.1.5322.10.1.3
    NAME 'krb5MaxLife'
    EQUALITY integerMatch
    SINGLE-VALUE
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Integer, single-valued. The unit is not stated in this file.
# NOTE(review): presumably a renewable lifetime in seconds -- confirm.
attributetype ( 1.3.6.1.4.1.5322.10.1.4
    NAME 'krb5MaxRenew'
    EQUALITY integerMatch
    SINGLE-VALUE
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Integer, single-valued. Carries the per-principal flags listed in the
# commented-out krb5KDCFlagsSyntax above, which include invalid(7) and
# require-preauth(8). Because these flags express authentication policy,
# write access to this attribute should be limited by directory ACLs to the
# identities that administer the KDC.
attributetype ( 1.3.6.1.4.1.5322.10.1.5
    NAME 'krb5KDCFlags'
    EQUALITY integerMatch
    SINGLE-VALUE
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Integer without SINGLE-VALUE, so an entry may carry several values.
# NOTE(review): presumably Kerberos encryption-type numbers; this file does
# not say how the KDC interprets them -- confirm before relying on it.
attributetype ( 1.3.6.1.4.1.5322.10.1.6
    NAME 'krb5EncryptionType'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# GeneralizedTime, single-valued. The ORDERING rule allows range filters
# (<=, >=) to be evaluated on this attribute.
attributetype ( 1.3.6.1.4.1.5322.10.1.7
    NAME 'krb5ValidStart'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE )

# GeneralizedTime, single-valued, with the same matching rules as
# krb5ValidStart.
attributetype ( 1.3.6.1.4.1.5322.10.1.8
    NAME 'krb5ValidEnd'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE )

# GeneralizedTime, single-valued, with the same matching rules as
# krb5ValidStart.
attributetype ( 1.3.6.1.4.1.5322.10.1.9
    NAME 'krb5PasswordEnd'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE )

# this is temporary; keys will eventually
# be child entries or compound attributes.
#
# Binary syntax with no EQUALITY rule and no SINGLE-VALUE, so an entry may
# hold several values. Per the DESC this is the principal's key material.
# Nothing in this schema limits who can read it: restrict read and write
# access with directory ACLs to the KDC and its administrators, require an
# encrypted or local transport for binds that can see it, and treat replicas,
# exports and backups of these entries as equally sensitive.
# NOTE(review): whether the stored value is additionally encrypted is not
# visible from this file -- handle it as a secret either way.
attributetype ( 1.3.6.1.4.1.5322.10.1.10
    NAME 'krb5Key'
    DESC 'Encoded ASN1 Key as an octet string'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# Inherits syntax and matching rules from distinguishedName; per the DESC it
# holds the DN of an entry that carries the krb5Realm class.
attributetype ( 1.3.6.1.4.1.5322.10.1.11
    NAME 'krb5PrincipalRealm'
    DESC 'Distinguished name of krb5Realm entry'
    SUP distinguishedName )

# Octet string compared byte-for-byte (octetStringMatch). {128} is the length
# bound attached to the syntax. No SINGLE-VALUE is declared.
attributetype ( 1.3.6.1.4.1.5322.10.1.12
    NAME 'krb5RealmName'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

# Binary syntax, no EQUALITY rule, no SINGLE-VALUE. The content is opaque at
# the schema level.
# NOTE(review): the DESC does not say which HDB extensions are stored; unless
# they are known to be non-sensitive, apply the same ACL restrictions as for
# krb5Key.
attributetype ( 1.3.6.1.4.1.5322.10.1.13
    NAME 'krb5ExtendedAttributes'
    DESC 'Encoded ASN1 HDB Extension Attributes as an octet string'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# Object class definitions

# Auxiliary class: requires krb5PrincipalName and optionally allows cn and
# krb5PrincipalRealm.
objectclass ( 1.3.6.1.4.1.5322.10.2.1
    NAME 'krb5Principal'
    SUP top
    AUXILIARY
    MUST ( krb5PrincipalName )
    MAY ( cn $ krb5PrincipalRealm ) )

# Auxiliary class extending krb5Principal. Only krb5KeyVersionNumber is
# mandatory; krb5Key, krb5KDCFlags and the validity and lifetime attributes
# are optional, so the schema accepts an entry with no key or flags set.
objectclass ( 1.3.6.1.4.1.5322.10.2.2
    NAME 'krb5KDCEntry'
    SUP krb5Principal
    AUXILIARY
    MUST ( krb5KeyVersionNumber )
    MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
          krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
          krb5EncryptionType $ krb5Key $ krb5ExtendedAttributes ) )

# Auxiliary class marking a realm entry; requires krb5RealmName.
objectclass ( 1.3.6.1.4.1.5322.10.2.3
    NAME 'krb5Realm'
    SUP top
    AUXILIARY
    MUST ( krb5RealmName ) )
