-- $Id: hdb.asn1,v 1.8 2000/06/19 15:22:22 joda Exp $
--
-- ASN.1 module describing the records stored in the HDB database.
-- Each record is one hdb_entry: a principal, its keys, and the limits
-- and policy flags attached to it. Types for keys, times and principal
-- names are imported from the krb5 module rather than defined here.

HDB DEFINITIONS ::=
BEGIN

IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;

HDB_DB_FORMAT INTEGER ::= 2	-- format of database,
				-- update when making changes

-- these should have the same value as the pa-* counterparts
-- (3 and 10 match the PA-PW-SALT and PA-AFS3-SALT pre-authentication
-- data type numbers in the Kerberos protocol)
hdb-pw-salt	INTEGER ::= 3
hdb-afs3-salt	INTEGER ::= 10

-- Salt stored alongside a key.
-- NOTE(review): type is presumably one of the hdb-*-salt constants
-- above; nothing in this module constrains it, so confirm in the code
-- that reads entries.
Salt ::= SEQUENCE {
	type[0]		INTEGER,
	salt[1]		OCTET STRING
}

-- One stored key of a principal.
-- NOTE(review): key[1] carries the key material itself. Whether it is
-- stored sealed under a master key appears to depend on mkvno being
-- present; this module cannot enforce that, so verify against the
-- database code and treat the database file and its backups as
-- secret-bearing either way.
Key ::= SEQUENCE {
	mkvno[0]	INTEGER OPTIONAL, -- master key version number
	key[1]		EncryptionKey,
	salt[2]		Salt OPTIONAL
}

-- A timestamp with an optional acting principal; used by the
-- created-by and modified-by fields of hdb_entry.
Event ::= SEQUENCE {
	time[0]		KerberosTime,
	principal[1]	Principal OPTIONAL
}

-- Per-entry policy bits. Bit positions are part of the stored format:
-- renumbering or reusing a position changes the meaning of existing
-- records (see HDB_DB_FORMAT above).
-- NOTE(review): require-preauth, require-hwauth, invalid and immutable
-- are the bits most relevant to a security audit. Per the Kerberos
-- protocol (not shown in this file), a client entry with
-- require-preauth unset can be sent an initial reply before it has
-- proven knowledge of its key, so listing such entries is a useful
-- routine check.
HDBFlags ::= BIT STRING {
	initial(0),		-- require as-req
	forwardable(1),		-- may issue forwardable
	proxiable(2),		-- may issue proxiable
	renewable(3),		-- may issue renewable
	postdate(4),		-- may issue postdatable
	server(5),		-- may be server
	client(6),		-- may be client
	invalid(7),		-- entry is invalid
	require-preauth(8),	-- must use preauth
	change-pw(9),		-- change password service
	require-hwauth(10),	-- must use hwauth
	ok-as-delegate(11),	-- as in TicketFlags
	user-to-user(12),	-- may use user-to-user auth
	immutable(13)		-- may not be deleted
}

-- The database record for one principal.
-- Only kvno, keys, created-by and flags are mandatory; every other
-- field may be absent, so readers must handle missing limits and
-- missing expiry times explicitly.
-- NOTE(review): valid-start, valid-end and pw-end look like validity
-- and password expiry times, and max-life and max-renew like ticket
-- lifetime limits; units and the meaning of an absent value are not
-- stated here and should be confirmed against the consumer.
hdb_entry ::= SEQUENCE {
	principal[0]	Principal OPTIONAL, -- this is optional only
					    -- for compatibility with libkrb5
	kvno[1]		INTEGER,
	keys[2]		SEQUENCE OF Key,
	created-by[3]	Event,
	modified-by[4]	Event OPTIONAL,
	valid-start[5]	KerberosTime OPTIONAL,
	valid-end[6]	KerberosTime OPTIONAL,
	pw-end[7]	KerberosTime OPTIONAL,
	max-life[8]	INTEGER OPTIONAL,
	max-renew[9]	INTEGER OPTIONAL,
	flags[10]	HDBFlags,
	etypes[11]	SEQUENCE OF INTEGER OPTIONAL
}

END