NAME 'krbPrincipalName'
EQUALITY caseExactIA5Match
SUBSTR caseExactSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
##### If there are multiple krbPrincipalName values for an entry, this
EQUALITY caseExactIA5Match
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### This specifies the type of the principal, the types could be any of
##### the types mentioned in section 6.2 of RFC 4120
NAME 'krbPrincipalType'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### This flag is used to find whether directory User Password has to be used
NAME 'krbUPEnabled'
DESC 'Boolean'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### The time at which the principal expires
NAME 'krbPrincipalExpiration'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### The krbTicketFlags attribute holds information about the kerberos flags for a principal
NAME 'krbTicketFlags'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### The maximum ticket lifetime for a principal in seconds
NAME 'krbMaxTicketLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Maximum renewable lifetime for a principal's ticket in seconds
NAME 'krbMaxRenewableAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Forward reference to the Realm object.
attributetypes: ( 2.16.840.1.113719.1.301.4.14.1
NAME 'krbRealmReferences'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### List of LDAP servers that kerberos servers can contact.
attributetypes: ( 2.16.840.1.113719.1.301.4.15.1
NAME 'krbLdapServers'
EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##### A set of forward references to the KDC Service objects.
attributetypes: ( 2.16.840.1.113719.1.301.4.17.1
NAME 'krbKdcServers'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### A set of forward references to the Password Service objects.
attributetypes: ( 2.16.840.1.113719.1.301.4.18.1
NAME 'krbPwdServers'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### This attribute holds the Host Name or the ip address,
attributetypes: ( 2.16.840.1.113719.1.301.4.24.1
NAME 'krbHostServer'
EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
##### This attribute holds the scope for searching the principals
NAME 'krbSearchScope'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### FDNs pointing to Kerberos principals
attributetypes: ( 2.16.840.1.113719.1.301.4.26.1
NAME 'krbPrincipalReferences'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### This attribute specifies which attribute of the user objects
NAME 'krbPrincNamingAttr'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### A set of forward references to the Administration Service objects.
attributetypes: ( 2.16.840.1.113719.1.301.4.29.1
NAME 'krbAdmServers'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### Maximum lifetime of a principal's password
NAME 'krbMaxPwdLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Minimum lifetime of a principal's password
NAME 'krbMinPwdLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Minimum number of character clases allowed in a password
NAME 'krbPwdMinDiffChars'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Minimum length of the password
NAME 'krbPwdMinLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Number of previous versions of passwords that are stored
NAME 'krbPwdHistoryLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Number of consecutive pre-authentication failures before lockout
NAME 'krbPwdMaxFailure'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Period after which bad preauthentication count will be reset
NAME 'krbPwdFailureCountInterval'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Period in which lockout is enforced
NAME 'krbPwdLockoutDuration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Policy attribute flags
NAME 'krbPwdAttributes'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Policy maximum ticket lifetime
NAME 'krbPwdMaxLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Policy maximum ticket renewable lifetime
NAME 'krbPwdMaxRenewableLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Allowed enctype:salttype combinations for key changes
NAME 'krbPwdAllowedKeysalts'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### FDN pointing to a Kerberos Password Policy object
NAME 'krbPwdPolicyReference'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### The time at which the principal's password expires
NAME 'krbPasswordExpiration'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### This attribute holds the principal's key (krbPrincipalKey) that is encrypted with
attributetypes: ( 2.16.840.1.113719.1.301.4.39.1
NAME 'krbPrincipalKey'
EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
##### FDN pointing to a Kerberos Ticket Policy object.
NAME 'krbTicketPolicyReference'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### Forward reference to an entry that starts sub-trees
attributetypes: ( 2.16.840.1.113719.1.301.4.41.1
NAME 'krbSubTrees'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### Holds the default encryption/salt type combinations of principals for
attributetypes: ( 2.16.840.1.113719.1.301.4.42.1
NAME 'krbDefaultEncSaltTypes'
EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##### Holds the Supported encryption/salt type combinations of principals for
attributetypes: ( 2.16.840.1.113719.1.301.4.43.1
NAME 'krbSupportedEncSaltTypes'
EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##### This attribute holds the principal's old keys (krbPwdHistory) that is encrypted with
attributetypes: ( 2.16.840.1.113719.1.301.4.44.1
NAME 'krbPwdHistory'
EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
##### The time at which the principal's password last password change happened.
NAME 'krbLastPwdChange'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### The time at which the principal was last administratively unlocked.
NAME 'krbLastAdminUnlock'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### This attribute holds the kerberos master key.
##### This can be used to encrypt principal keys.
attributetypes: ( 2.16.840.1.113719.1.301.4.46.1
NAME 'krbMKey'
EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
##### This stores the alternate principal names for the principal in the RFC 1961 specified format
attributetypes: ( 2.16.840.1.113719.1.301.4.47.1
NAME 'krbPrincipalAliases'
EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
##### The time at which the principal's last successful authentication happened.
NAME 'krbLastSuccessfulAuth'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### The time at which the principal's last failed authentication happened.
NAME 'krbLastFailedAuth'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE)
+ SINGLE-VALUE )
##### This attribute stores the number of failed authentication attempts
NAME 'krbLoginFailedCount'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE)
+ SINGLE-VALUE )
attributetypes: ( 2.16.840.1.113719.1.301.4.51.1
NAME 'krbExtraData'
EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
##### This attributes holds references to the set of directory objects.
attributetypes: ( 2.16.840.1.113719.1.301.4.52.1
NAME 'krbObjectReferences'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### This attribute holds references to a Container object where
attributetypes: ( 2.16.840.1.113719.1.301.4.53.1
NAME 'krbPrincContainerRef'
EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
##### A list of authentication indicator strings, one of which must be satisfied
NAME 'krbAllowedToDelegateTo'
EQUALITY caseExactIA5Match
SUBSTR caseExactSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
########################################################################
########################################################################
projects / thirdparty / krb5.git / commitdiff
