# Definitions for a Kerberos V KDC schema
#
# $Id$
#
# This version is compatible with OpenLDAP 1.8
#
# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
#
# Syntaxes are under 1.3.6.1.4.1.5322.10.0
# Attribute types are under 1.3.6.1.4.1.5322.10.1
# Object classes are under 1.3.6.1.4.1.5322.10.2

# Syntax definitions
#
# Both syntax blocks below are commented out, so the server does not load
# them; they only document the intended encoding. The attributes in this
# file use standard syntaxes instead (krb5KDCFlags is a plain INTEGER,
# krb5PrincipalName an IA5 string).
#
# The numbers in parentheses are the flag positions carried in the
# krb5KDCFlags integer.

#krb5KDCFlagsSyntax SYNTAX ::= {
#	WITH SYNTAX		INTEGER
#--	initial(0),		-- require as-req
#--	forwardable(1),		-- may issue forwardable
#--	proxiable(2),		-- may issue proxiable
#--	renewable(3),		-- may issue renewable
#--	postdate(4),		-- may issue postdatable
#--	server(5),		-- may be server
#--	client(6),		-- may be client
#--	invalid(7),		-- entry is invalid
#--	require-preauth(8),	-- must use preauth
#--	change-pw(9),		-- change password service
#--	require-hwauth(10),	-- must use hwauth
#--	ok-as-delegate(11),	-- as in TicketFlags
#--	user-to-user(12),	-- may use user-to-user auth
#--	immutable(13)		-- may not be deleted
#	ID			{ 1.3.6.1.4.1.5322.10.0.1 }
#}

#krb5PrincipalNameSyntax SYNTAX ::= {
#	WITH SYNTAX		OCTET STRING
#--	String representations of distinguished names as per RFC1510
#	ID			{ 1.3.6.1.4.1.5322.10.0.2 }
#}

# Attribute type definitions

# Principal name, stored as an IA5 string (syntax ...121.1.26) and compared
# case-sensitively (caseExactIA5Match). SINGLE-VALUE limits an entry to one
# name; the schema does not by itself stop two entries from carrying the
# same principal name.
attributetype ( 1.3.6.1.4.1.5322.10.1.1
	NAME 'krb5PrincipalName'
	DESC 'The unparsed Kerberos principal name'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

# Integer attributes (syntax ...121.1.27 is INTEGER). integerMatch compares
# the whole value only.

# Key version number; one value per entry.
attributetype ( 1.3.6.1.4.1.5322.10.1.2
	NAME 'krb5KeyVersionNumber'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

# Maximum ticket lifetime. The unit is not stated in this file
# (presumably seconds -- confirm against the KDC backend).
attributetype ( 1.3.6.1.4.1.5322.10.1.3
	NAME 'krb5MaxLife'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

# Maximum renewable lifetime. Same caveat about the unit as krb5MaxLife.
attributetype ( 1.3.6.1.4.1.5322.10.1.4
	NAME 'krb5MaxRenew'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

# Per-principal KDC flags packed into one integer; the flag positions are
# listed in the commented-out krb5KDCFlagsSyntax block at the top of this
# file. Because only integerMatch is declared, a search filter tests the
# whole value: auditing a single flag (for example require-preauth or
# invalid) needs a bitwise extensible match where the server offers one,
# or decoding the value on the client.
attributetype ( 1.3.6.1.4.1.5322.10.1.5
	NAME 'krb5KDCFlags'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

# Encryption type numbers. No SINGLE-VALUE here, so an entry may list
# several; review the values when retiring weak enctypes.
attributetype ( 1.3.6.1.4.1.5322.10.1.6
	NAME 'krb5EncryptionType'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Time attributes (syntax ...121.1.24 is Generalized Time). Each declares an
# ORDERING rule, so range filters (<= and >=) can be used on them.

attributetype ( 1.3.6.1.4.1.5322.10.1.7
	NAME 'krb5ValidStart'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.5322.10.1.8
	NAME 'krb5ValidEnd'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.5322.10.1.9
	NAME 'krb5PasswordEnd'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

# this is temporary; keys will eventually
# be child entries or compound attributes.
# SECURITY: krb5Key carries the principal's encoded long-term key material
# (syntax ...121.1.5 is Binary). A schema cannot restrict who reads an
# attribute, so the directory's access controls must limit read and write
# access on krb5Key to the KDC and administration identities, and bulk
# exports, backups and replicas of these entries need the same protection
# as the KDC database itself.
# The attribute is multi-valued and declares no EQUALITY rule, so individual
# values cannot be matched by a filter or compare operation.
attributetype ( 1.3.6.1.4.1.5322.10.1.10
	NAME 'krb5Key'
	DESC 'Encoded ASN1 Key as an octet string'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# DN of the realm entry a principal belongs to; syntax and matching rules
# are inherited from distinguishedName.
attributetype ( 1.3.6.1.4.1.5322.10.1.11
	NAME 'krb5PrincipalRealm'
	DESC 'Distinguished name of krb5Realm entry'
	SUP distinguishedName )

# Realm name as an Octet String (syntax ...121.1.40), compared byte for byte
# by octetStringMatch. {128} is a length bound hint; a server does not
# necessarily enforce it.
attributetype ( 1.3.6.1.4.1.5322.10.1.12
	NAME 'krb5RealmName'
	EQUALITY octetStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

# Object class definitions
#
# All three classes are AUXILIARY: they are added to entries that already
# have a structural object class.

# Marks an entry as a Kerberos principal; only the principal name is
# mandatory.
objectclass ( 1.3.6.1.4.1.5322.10.2.1
	NAME 'krb5Principal'
	SUP top
	AUXILIARY
	MUST ( krb5PrincipalName )
	MAY ( cn $ krb5PrincipalRealm ) )

# Extends krb5Principal with the KDC database fields. The key version
# number is mandatory. krb5Key is among the optional attributes, so any
# entry with this class may hold key material and falls under the access
# control requirement described for krb5Key.
objectclass ( 1.3.6.1.4.1.5322.10.2.2
	NAME 'krb5KDCEntry'
	SUP krb5Principal
	AUXILIARY
	MUST ( krb5KeyVersionNumber )
	MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
	      krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
	      krb5EncryptionType $ krb5Key ) )

# Realm entry; the target of krb5PrincipalRealm references.
objectclass ( 1.3.6.1.4.1.5322.10.2.3
	NAME 'krb5Realm'
	SUP top
	AUXILIARY
	MUST ( krb5RealmName ) )