Projects/Reporting-friendly KDB dump format improvements

This project includes improvements to Projects/Reporting-friendly KDB dump format.

Conceptual tables

Principal key history

This is very similar to the keyinfo/keydata table. There is some weird ring buffer stuff that we may or may not want to reflect in the dump.

• Principal name
• Key index
• Key version number (kvno)
• Enctype
• Salt type
• Salt data as hex string (might be "-1" to denote no salt or normal/default salt)

Password policy

• Policy name
• Min password life
• Max password life
• Min password length
• Min password character classes
• Password history length

Lockout policy

• Policy name
• Max failures
• Failure count reset interval
• Lockout duration

Ticket policy

• Policy name
• Max ticket lifetime
• Max renewable ticket lifetime

Policy boolean attributes

As for principal boolean attributes

Policy allowed keysalts

(Is this an ordered list?)

• Policy name
• Enctype
• Salt type

C structure cross reference

krb5_db_entry

magic

(not encoded)

len

mask

(not encoded?)

attributes

princ_flags

max_life

princ_tktpolicy

max_renewable_life

princ_tktpolicy

expiration

princ_tktpolicy

pw_expiration

princ_tktpolicy

last_success

princ_lockout

last_failed

princ_lockout

fail_auth_count

princ_lockout

n_tl_data

(tl_data)

n_key_data

keyinfo/keydata

e_length

(implicit)

e_data

princ_edata

princ

(everywhere)

tl_data

(tl_data)

key_data

keyinfo/keydata

osa_princ_ent_rec

version

policy

princ_meta

aux_attributes

old_key_len

(implicit in oldkeyinfo/oldkeydata)

old_key_next

(implicit in oldkeyinfo/oldkeydata)

old_keys

oldkeyinfo/oldkeydata

admin_history_kvno

princ_meta

tl_data cross reference

KRB5_TL_LAST_PWD_CHANGE

princ_meta

KRB5_TL_MOD_PRINC

princ_meta

KRB5_TL_KADM_DATA

(see osa_princ_ent_rec)

KRB5_TL_MKVNO

princ_meta