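-- $Id: hdb.asn1,v 1.7 1999/05/03 16:48:52 joda Exp $
--
-- HDB module: ASN.1 layout of one principal database record (hdb_entry)
-- and the helper types it is built from.
-- NOTE(review): the type names (Principal, KerberosTime, EncryptionKey,
-- TicketFlags) indicate a Kerberos KDC database schema; confirm against
-- the surrounding project.
HDB DEFINITIONS ::=
BEGIN

-- Types declared EXTERNAL are not defined in this module.
EncryptionKey EXTERNAL
KerberosTime EXTERNAL
Principal EXTERNAL

HDB_DB_FORMAT INTEGER ::= 2     -- format of database,
                                -- update when making changes

-- these should have the same value as the pa-* counterparts
hdb-pw-salt     INTEGER ::= 3
hdb-afs3-salt   INTEGER ::= 10

-- Salt attached to a key: a salt type number plus the raw salt bytes.
-- The constants above are presumably the values used in the type field.
Salt ::= SEQUENCE {
        type[0]         INTEGER,
        salt[1]         OCTET STRING
}

-- One stored key of a principal.
-- NOTE(review): key carries long-term secret key material, so every
-- serialized hdb_entry (database file, dump, backup, replica copy) is as
-- sensitive as the keys themselves. mkvno is presumably set when the key
-- is stored encrypted under a master key of that version; confirm what an
-- absent mkvno means for protection at rest.
Key ::= SEQUENCE {
        mkvno[0]        INTEGER OPTIONAL,       -- master key version number
        key[1]          EncryptionKey,
        salt[2]         Salt OPTIONAL
}

-- Audit stamp: when something happened and, optionally, which principal
-- did it. Used for created-by and modified-by in hdb_entry.
Event ::= SEQUENCE {
        time[0]         KerberosTime,
        principal[1]    Principal OPTIONAL
}

-- Per-principal policy bits.
-- NOTE(review): require-preauth and require-hwauth decide how a client
-- must authenticate. An entry with require-preauth clear can presumably
-- receive an initial reply without first proving knowledge of its key,
-- which leaves that key open to offline guessing; confirm the default the
-- administration tools apply and audit entries that have the bit clear.
HDBFlags ::= BIT STRING {
        initial(0),             -- require as-req
        forwardable(1),         -- may issue forwardable
        proxiable(2),           -- may issue proxiable
        renewable(3),           -- may issue renewable
        postdate(4),            -- may issue postdatable
        server(5),              -- may be server
        client(6),              -- may be client
        invalid(7),             -- entry is invalid
        require-preauth(8),     -- must use preauth
        change-pw(9),           -- change password service
        require-hwauth(10),     -- must use hwauth
        ok-as-delegate(11),     -- as in TicketFlags
        user-to-user(12),       -- may use user-to-user auth
        immutable(13)           -- may not be deleted
}

-- One database record: the principal, its key version number and keys,
-- audit stamps, validity and lifetime limits, and the policy flags.
-- NOTE(review): the units of max-life and max-renew and the meaning of
-- pw-end and etypes are not stated here; presumably seconds, password
-- expiry time and permitted encryption type numbers. Confirm before
-- relying on them.
hdb_entry ::= SEQUENCE {
        principal[0]    Principal  OPTIONAL, -- this is optional only
                                             -- for compatibility with libkrb5
        kvno[1]         INTEGER,
        keys[2]         SEQUENCE OF Key,
        created-by[3]   Event,
        modified-by[4]  Event OPTIONAL,
        valid-start[5]  KerberosTime OPTIONAL,
        valid-end[6]    KerberosTime OPTIONAL,
        pw-end[7]       KerberosTime OPTIONAL,
        max-life[8]     INTEGER OPTIONAL,
        max-renew[9]    INTEGER OPTIONAL,
        flags[10]       HDBFlags,
        etypes[11]      SEQUENCE OF INTEGER OPTIONAL
}

END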