| Class | Description |
|---|---|
| AdInitialVerifiedCas |
AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
|
| AlgorithmIdentifiers |
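trustedCertifiers SEQUENCE OF AlgorithmIdentifier OPTIONAL,
-- NOTE: the field label here looks mis-copied. In PA-PK-AS-REQ on this page, trustedCertifiers is
-- SEQUENCE OF ExternalPrincipalIdentifier; SEQUENCE OF AlgorithmIdentifier is the type of
-- supportedCMSTypes in AuthPack and of TD-DH-PARAMETERS.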
|
| AuthPack |
AuthPack ::= SEQUENCE {
pkAuthenticator [0] PKAuthenticator,
clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
clientDHNonce [3] DHNonce OPTIONAL,
supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
-- Contains an unordered set of KDFs supported by the client.
...
}
|
| DhNonce |
DHNonce ::= OCTET STRING
|
| DhRepInfo |
DhRepInfo ::= SEQUENCE {
dhSignedData [0] IMPLICIT OCTET STRING,
serverDHNonce [1] DHNonce OPTIONAL,
kdf [2] KDFAlgorithmId OPTIONAL,
-- The KDF picked by the KDC.
...
}
|
| ExternalPrincipalIdentifier |
ExternalPrincipalIdentifier ::= SEQUENCE {
subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL
}
|
| KdcDhKeyInfo |
KDCDHKeyInfo ::= SEQUENCE {
subjectPublicKey [0] BIT STRING,
nonce [1] INTEGER (0..4294967295),
dhKeyExpiration [2] KerberosTime OPTIONAL,
...
}
|
| KdfAlgorithmId | |
| Krb5PrincipalName |
KRB5PrincipalName ::= SEQUENCE {
realm [0] Realm,
principalName [1] PrincipalName
}
|
| PaPkAsRep |
PA-PK-AS-REP ::= CHOICE {
dhInfo [0] DhRepInfo,
encKeyPack [1] IMPLICIT OCTET STRING,
...
}
|
| PaPkAsReq |
PA-PK-AS-REQ ::= SEQUENCE {
signedAuthPack [0] IMPLICIT OCTET STRING,
trustedCertifiers [1] SEQUENCE OF ExternalPrincipalIdentifier OPTIONAL,
kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL
}
|
| PkAuthenticator |
PKAuthenticator ::= SEQUENCE {
cusec [0] INTEGER (0..999999),
ctime [1] KerberosTime,
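-- cusec and ctime are used as in [RFC4120], for
-- replay prevention.
-- (Listing truncated here: the PKINIT specification, RFC 4556, defines further
-- fields after ctime, including nonce and paChecksum.)
...
}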
|
| ReplyKeyPack |
ReplyKeyPack ::= SEQUENCE {
replyKey [0] EncryptionKey,
asChecksum [1] Checksum,
...
}
|
| SupportedKdfs | |
| TdDhParameters |
TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
|
| TrustedCertifiers |
trustedCertifiers SEQUENCE OF ExternalPrincipalIdentifier OPTIONAL,
|