xref: /freebsd/crypto/heimdal/lib/hdb/hdb.schema (revision 6a068746777241722b2b32c5d0bc443a2a64d80b)
# Definitions for a Kerberos V KDC schema
#
# $Id$
#
# This version is compatible with OpenLDAP 1.8
#
# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
#
# Syntaxes are under 1.3.6.1.4.1.5322.10.0
# Attribute types are under 1.3.6.1.4.1.5322.10.1
# Object classes are under 1.3.6.1.4.1.5322.10.2

# Syntax definitions
#
# Both syntax definitions below are commented out, so nothing is registered
# under 1.3.6.1.4.1.5322.10.0. The attribute types later in this file use
# standard LDAP syntaxes instead (krb5KDCFlags is a plain Integer, and
# krb5PrincipalName is an IA5 String).

# Bit positions for the krb5KDCFlags attribute. Several of them express
# authentication policy for the principal (invalid, require-preauth,
# require-hwauth), so the stored integer is security-relevant data.
#krb5KDCFlagsSyntax SYNTAX ::= {
#   WITH SYNTAX            INTEGER
#--        initial(0),             -- require as-req
#--        forwardable(1),         -- may issue forwardable
#--        proxiable(2),           -- may issue proxiable
#--        renewable(3),           -- may issue renewable
#--        postdate(4),            -- may issue postdatable
#--        server(5),              -- may be server
#--        client(6),              -- may be client
#--        invalid(7),             -- entry is invalid
#--        require-preauth(8),     -- must use preauth
#--        change-pw(9),           -- change password service
#--        require-hwauth(10),     -- must use hwauth
#--        ok-as-delegate(11),     -- as in TicketFlags
#--        user-to-user(12),       -- may use user-to-user auth
#--        immutable(13)           -- may not be deleted
#   ID                     { 1.3.6.1.4.1.5322.10.0.1 }
#}

# NOTE(review): RFC 1510 has since been obsoleted by RFC 4120.
#krb5PrincipalNameSyntax SYNTAX ::= {
#   WITH SYNTAX            OCTET STRING
#-- String representations of distinguished names as per RFC1510
#   ID                     { 1.3.6.1.4.1.5322.10.0.2 }
#}

# Attribute type definitions
#
# The SYNTAX OIDs used below are standard LDAP syntaxes:
#   1.3.6.1.4.1.1466.115.121.1.5    Binary
#   1.3.6.1.4.1.1466.115.121.1.24   Generalized Time
#   1.3.6.1.4.1.1466.115.121.1.26   IA5 String
#   1.3.6.1.4.1.1466.115.121.1.27   Integer
#   1.3.6.1.4.1.1466.115.121.1.40   Octet String
#
# A schema only declares types and matching rules. It does not restrict who
# may read or modify these attributes; that has to be done with the
# directory server's access controls.

# Single-valued IA5 string compared case-sensitively (caseExactIA5Match).
# No SUBSTR rule is declared, so only equality matching is defined here.
attributetype ( 1.3.6.1.4.1.5322.10.1.1
	NAME 'krb5PrincipalName'
	DESC 'The unparsed Kerberos principal name'
	EQUALITY caseExactIA5Match
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Single-valued integer; required by the krb5KDCEntry object class.
attributetype ( 1.3.6.1.4.1.5322.10.1.2
	NAME 'krb5KeyVersionNumber'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Single-valued integer. The unit is not stated in this schema
# (presumably seconds of ticket lifetime; confirm against the HDB backend).
attributetype ( 1.3.6.1.4.1.5322.10.1.3
	NAME 'krb5MaxLife'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Single-valued integer. The unit is not stated in this schema
# (presumably seconds of renewable lifetime; confirm against the HDB backend).
attributetype ( 1.3.6.1.4.1.5322.10.1.4
	NAME 'krb5MaxRenew'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Single-valued integer. The commented-out krb5KDCFlagsSyntax earlier in this
# file lists the intended bit meanings, including invalid(7) and
# require-preauth(8). Write access to this attribute can therefore change a
# principal's authentication policy and should be limited accordingly.
attributetype ( 1.3.6.1.4.1.5322.10.1.5
	NAME 'krb5KDCFlags'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Integer without SINGLE-VALUE, so an entry may carry several values
# (presumably Kerberos encryption type numbers; confirm against the backend).
attributetype ( 1.3.6.1.4.1.5322.10.1.6
	NAME 'krb5EncryptionType'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# The three attributes below are single-valued Generalized Time values.
# Each declares an ORDERING rule, so range filters (<=, >=) are defined.
attributetype ( 1.3.6.1.4.1.5322.10.1.7
	NAME 'krb5ValidStart'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.5322.10.1.8
	NAME 'krb5ValidEnd'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.5322.10.1.9
	NAME 'krb5PasswordEnd'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

# this is temporary; keys will eventually
# be child entries or compound attributes.
#
# Binary syntax with no matching rule and no SINGLE-VALUE, so an entry may
# hold several encoded keys and they cannot be matched by value.
# Per its DESC this attribute stores key material. Nothing in the schema
# protects it, so the deployment should restrict read, search, compare and
# write access on krb5Key to the identities the KDC and administration tools
# bind as. Connections that carry it should be protected in transit.
attributetype ( 1.3.6.1.4.1.5322.10.1.10
	NAME 'krb5Key'
	DESC 'Encoded ASN1 Key as an octet string'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# Inherits its syntax and matching rules from distinguishedName (SUP);
# that attribute type is not defined in this file.
attributetype ( 1.3.6.1.4.1.5322.10.1.11
	NAME 'krb5PrincipalRealm'
	DESC 'Distinguished name of krb5Realm entry'
	SUP distinguishedName )

# Octet string with a {128} length bound, compared byte-for-byte
# (octetStringMatch). Not declared SINGLE-VALUE.
attributetype ( 1.3.6.1.4.1.5322.10.1.12
	NAME 'krb5RealmName'
	EQUALITY octetStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

# Object class definitions
#
# All three classes are AUXILIARY: they add attributes to an entry that
# already has a structural object class and cannot form an entry alone.

# Base class for a principal: requires krb5PrincipalName, optionally
# carries cn and a DN reference to the realm entry.
objectclass ( 1.3.6.1.4.1.5322.10.2.1
	NAME 'krb5Principal'
	SUP top
	AUXILIARY
	MUST ( krb5PrincipalName )
	MAY ( cn $ krb5PrincipalRealm ) )

# KDC database entry. Inherits the krb5PrincipalName requirement from
# krb5Principal and additionally requires krb5KeyVersionNumber.
# Its optional attributes include krb5Key (key material) and krb5KDCFlags
# (policy bits), so entries of this class need access controls that keep
# those attributes away from ordinary directory clients.
objectclass ( 1.3.6.1.4.1.5322.10.2.2
	NAME 'krb5KDCEntry'
	SUP krb5Principal
	AUXILIARY
	MUST ( krb5KeyVersionNumber )
	MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
              krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
              krb5EncryptionType $ krb5Key ) )

# Realm entry: requires krb5RealmName and declares no optional attributes.
objectclass ( 1.3.6.1.4.1.5322.10.2.3
	NAME 'krb5Realm'
	SUP top
	AUXILIARY
	MUST ( krb5RealmName ) )
