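-- $Id: hdb.asn1,v 1.9 2001/06/21 14:54:53 joda Exp $
--
-- ASN.1 module describing the records stored in the HDB database.
-- Each hdb_entry describes one principal and embeds its keys (see Key),
-- so any encoded copy of an entry should be handled as key material.
--
-- Layout note: every comment below sits on its own line or at the end of
-- a line. An ASN.1 comment runs to the end of the line, so joining lines
-- would comment out the definitions that follow.

HDB DEFINITIONS ::=
BEGIN

IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;

HDB_DB_FORMAT INTEGER ::= 2	-- format of database,
				-- update when making changes

-- these must have the same value as the pa-* counterparts
hdb-pw-salt	INTEGER ::= 3
hdb-afs3-salt	INTEGER ::= 10

-- Salt attached to a key.
-- NOTE(review): type is presumably one of the hdb-*-salt values above;
-- nothing in this module restricts it, so consumers should reject
-- values they do not recognise.
Salt ::= SEQUENCE {
	type[0]		INTEGER,
	salt[1]		OCTET STRING
}

-- One stored key of a principal.
-- NOTE(review): mkvno is presumably present only when key is stored
-- encrypted under a master key of that version. Confirm against the
-- code that reads and writes entries: if so, an entry without mkvno
-- holds the key value unprotected.
Key ::= SEQUENCE {
	mkvno[0]	INTEGER OPTIONAL, -- master key version number
	key[1]		EncryptionKey,
	salt[2]		Salt OPTIONAL
}

-- Audit stamp: when something happened and, optionally, which principal
-- did it. Used for created-by and modified-by in hdb_entry.
Event ::= SEQUENCE {
	time[0]		KerberosTime,
	principal[1]	Principal OPTIONAL
}

-- Per-principal policy bits. The bit positions are part of the stored
-- format: renumbering or reusing a position changes the meaning of
-- entries already in a database.
-- Review points for defenders auditing a database:
--   invalid(7) and require-preauth(8) are the bits that restrict use of
--   an entry; principals whose keys derive from passwords should
--   normally carry require-preauth so that initial requests have to
--   prove knowledge of the key.
--   ok-as-delegate(11) and the forwardable/proxiable bits widen what a
--   ticket may be used for and deserve a least-privilege review.
HDBFlags ::= BIT STRING {
	initial(0),		-- require as-req
	forwardable(1),		-- may issue forwardable
	proxiable(2),		-- may issue proxiable
	renewable(3),		-- may issue renewable
	postdate(4),		-- may issue postdatable
	server(5),		-- may be server
	client(6),		-- may be client
	invalid(7),		-- entry is invalid
	require-preauth(8),	-- must use preauth
	change-pw(9),		-- change password service
	require-hwauth(10),	-- must use hwauth
	ok-as-delegate(11),	-- as in TicketFlags
	user-to-user(12),	-- may use user-to-user auth
	immutable(13)		-- may not be deleted
}

-- Version stamp of an entry.
GENERATION ::= SEQUENCE {
	time[0]		KerberosTime,	-- timestamp
	usec[1]		INTEGER,	-- microseconds
	gen[2]		INTEGER		-- generation number
}

-- One database record.
-- keys holds the principal's key set and kvno its version number.
-- NOTE(review): the units of max-life and max-renew are not stated in
-- this module (presumably seconds; confirm), and valid-start, valid-end
-- and pw-end presumably bound the account and password validity period.
hdb_entry ::= SEQUENCE {
	principal[0]	Principal OPTIONAL, -- this is optional only
					    -- for compatibility with libkrb5
	kvno[1]		INTEGER,
	keys[2]		SEQUENCE OF Key,
	created-by[3]	Event,
	modified-by[4]	Event OPTIONAL,
	valid-start[5]	KerberosTime OPTIONAL,
	valid-end[6]	KerberosTime OPTIONAL,
	pw-end[7]	KerberosTime OPTIONAL,
	max-life[8]	INTEGER OPTIONAL,
	max-renew[9]	INTEGER OPTIONAL,
	flags[10]	HDBFlags,
	etypes[11]	SEQUENCE OF INTEGER OPTIONAL,
	generation[12]	GENERATION OPTIONAL
}

END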