Class AMT_KerberosSettingData

Used in features: Security Administration
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
   extended by CIM_SettingData
      extended by AMT_KerberosSettingData


class AMT_KerberosSettingData
extends CIM_SettingData

General Information:
The AMT_KerberosSettingData class represents configuration-related and operational parameters for the Kerberos service in Intel(R) AMT.

Qualifiers:
-------------
Version=8.0.0


Supported Fields Summary
 string ElementName
The user-friendly name for this instance of SettingData . . .
 string InstanceID Key
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . .
 string RealmName
Kerberos Realm name.
 string[4] ServicePrincipalName
An array of strings, each of which names a distinct service principal.
 uint16[4] ServicePrincipalProtocol
An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName.
 uint32 KeyVersion
Key version number . . .
 uint16 EncryptionAlgorithm
A 16-bit enumeration value that identifies the encryption algorithm used in Kerberos authentication.
 uint8[16] MasterKey
A 128-bit binary key value . . .
 uint32 MaximumClockTolerance
The number of minutes by which the clocks of the Intel(R) AMT device and the client and KDC can be out of sync - typically 5 minutes.
 boolean KrbEnabled
Indicates whether Kerberos authentication is enabled or disabled.
 string Passphrase
Used when the key generation method is chosen (RFC 3961,3962) . . .
 string Salt
Used when the key generation method is chosen (RFC 3961,3962)
 uint32 IterationCount
Can be used when the key generation method is chosen (RFC 3961,3962)
 uint16[3] SupportedEncryptionAlgorithms
An array of 16-bit enumeration values that identify the supported encryption algorithms used in Kerberos authentication.
 uint16[3] ConfiguredEncryptionAlgorithms
An array of 16-bit enumeration values that identify the configured encryption algorithms used in Kerberos authentication.

Methods Summary
 uint32 GetCredentialCacheState(Enabled)
GetCredentialCacheState gets the current state of the credential caching functionality
 uint32 SetCredentialCacheState(Enable)
SetCredentialCacheState enables/disables the credential caching functionality
  Put(Instance)
Changes properties of the selected instance
  Get(Instance)
Gets the representation of the instance
  Pull(EnumerationContext, MaxElements)
Pulls instances of this class, following an Enumerate operation
  Enumerate()
Enumerates the instances of this class
  Release(EnumerationContext)
Releases an enumeration context

Field Detail

ElementName

public string ElementName
General Information:
The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)

Product Specific Usage:
In Intel AMT Release 6.0 and later releases, the value is "Intel(r) AMT: Kerberos Settings"

Qualifiers:
-------------
Required
Override=ElementName
MaxLen=64


InstanceID Key

public string InstanceID
General Information:
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases, the value is "Intel (r) AMT: Kerberos Settings"

Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=32


RealmName

public string RealmName
General Information:
Kerberos Realm name.

Product Specific Usage:
The realm name is the name of the domain to which it belongs.

Qualifiers:
-------------
MinLen=1
MaxLen=64


ServicePrincipalName

public string[4] ServicePrincipalName
General Information:
An array of strings, each of which names a distinct service principal.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases this field is not in use and has no impact

Qualifiers:
-------------
MaxLen=267


ServicePrincipalProtocol

public uint16[4] ServicePrincipalProtocol
General Information:
An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases this field is not in use and has no impact

Qualifiers:
-------------
ValueMap={0, 1, 2, 3}
Values={HTTP Protocol definition, HTTPS Protocol definition, SOL&IDER protocol definition, SOL&IDER protocol definition (using SSL)}


KeyVersion

public uint32 KeyVersion
General Information:
Key version number. The user can update the value each time the master key is changed.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases the initial value is 1.


EncryptionAlgorithm

public uint16 EncryptionAlgorithm
General Information:
A 16-bit enumeration value that identifies the encryption algorithm used in Kerberos authentication.

Qualifiers:
-------------
ValueMap={0}
Values={RC4 encryption and HMAC authentication}

Note: Support for RC4-HMAC was removed in Intel CSME 18.0.


MasterKey

public uint8[16] MasterKey
General Information:
A 128-bit binary key value. MasterKey cannot be used if the key generation method is used (using the Passphrase property)

Qualifiers:
-------------
OctetString
MaxLen=16

Note: This property is deprecated in Release 18.0 in favor of using the Passphrase/Salt combination to set the master key. See Set Kerberos Settings to Support AES Ciphers.


MaximumClockTolerance

public uint32 MaximumClockTolerance
General Information:
The number of minutes by which the clocks of the Intel(R) AMT device and the client and KDC can be out of sync - typically 5 minutes.

Product Specific Usage:
The maximum supported value is 5.

Qualifiers:
-------------
ValueMap={1..255}


KrbEnabled

public boolean KrbEnabled
General Information:
Indicates whether Kerberos authentication is enabled or disabled.

Qualifiers:
-------------
Required


Passphrase

public string Passphrase
General Information:
Used when the key generation method is chosen (RFC 3961,3962). Salt and IterationCount must be supplied also.

Qualifiers:
-------------
MinLen=1
MaxLen=256


Salt

public string Salt
General Information:
Used when the key generation method is chosen (RFC 3961,3962)

Qualifiers:
-------------
MinLen=1
MaxLen=256


IterationCount

public uint32 IterationCount
General Information:
Can be used when the key generation method is chosen (RFC 3961,3962)

Product Specific Usage:
Maximum supported value (and default value, if not supplied) is 4096.


SupportedEncryptionAlgorithms

public uint16[3] SupportedEncryptionAlgorithms
General Information:
An array of 16-bit enumeration values that identify the supported encryption algorithms used in Kerberos authentication.

Qualifiers:
-------------
ValueMap={0, 1, 2, ..}
Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}

Note: Support for RC4-HMAC was removed in Intel CSME 18.0. Intel recommends using AES256-CTS-HMAC-SHA1-96.


ConfiguredEncryptionAlgorithms

public uint16[3] ConfiguredEncryptionAlgorithms
General Information:
An array of 16-bit enumeration values that identify the configured encryption algorithms used in Kerberos authentication.

Qualifiers:
-------------
ValueMap={0, 1, 2, ..}
Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}

Note: Support for RC4-HMAC was removed in Intel CSME 18.0. Intel recommends using AES256-CTS-HMAC-SHA1-96.

Note: Intel AMT does not choose the encryption algorithm to configure based on the values specified by the user. Intel AMT attempts to enable RC4. If a Passphrase and Salt are provided, the AES suites are also configured.


Method Detail

GetCredentialCacheState

public uint32 GetCredentialCacheState([OUT]boolean Enabled)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
GetCredentialCacheState gets the current state of the credential caching functionality

Product Specific Usage:
Additional Notes:
1) 'GetCredentialCacheState' is not supported in Intel AMT Release 3.0.

Parameters:
--------------
Enabled
General Information:
Output state of the credential caching functionality

Qualifiers:
-------------
Required
OUT



SetCredentialCacheState

public uint32 SetCredentialCacheState([IN]boolean Enable)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
SetCredentialCacheState enables/disables the credential caching functionality

Product Specific Usage:
Additional Notes:
1) 'SetCredentialCacheState' is not supported in Intel AMT Release 3.0.

Parameters:
--------------
Enable
General Information:
New state of the functionality

Qualifiers:
-------------
Required
IN



Put

public  Put([IN]AMT_KerberosSettingData Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Changes properties of the selected instance

Product Specific Usage:
The following properties must be included in any representation of AMT_KerberosSettingData:

ElementName (cannot be modified)
InstanceID (cannot be modified)
KrbEnabled
MasterKey
MaximumClockTolerance
KeyVersion
EncryptionAlgorithm

In AMT release 8.0 and later, the MasterKey field can be replaced by the Passphrase, Salt and IterationCount fields.
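
The Put requirements and the field qualifiers on this page can be checked before a representation is sent to the device, and the algorithms read back with Get can be reviewed afterwards. The following is an added example, not Intel SDK code and not part of the original reference; the function names validate_put and audit_configured, the dict representation of an instance, and the sample values are assumptions made for illustration.

```python
# Added example (not Intel SDK code): pre-flight checks for an
# AMT_KerberosSettingData representation, built only from the qualifiers
# and notes documented on this page. Instances are plain dicts here.
RC4_HMAC, AES128, AES256 = 0, 1, 2   # ValueMap of *EncryptionAlgorithms
ALWAYS_REQUIRED = ("ElementName", "InstanceID", "KrbEnabled",
                   "MaximumClockTolerance", "KeyVersion", "EncryptionAlgorithm")
STRING_LIMITS = {                     # property: (MinLen, MaxLen)
    "ElementName": (0, 64), "InstanceID": (0, 32), "RealmName": (1, 64),
    "Passphrase": (1, 256), "Salt": (1, 256),
}
# Constructed sample: realm, passphrase and salt are made-up values.
SAMPLE = {"ElementName": "Intel(r) AMT: Kerberos Settings",
          "InstanceID": "Intel (r) AMT: Kerberos Settings",
          "KrbEnabled": True, "MaximumClockTolerance": 5, "KeyVersion": 1,
          "EncryptionAlgorithm": 0, "RealmName": "EXAMPLE.COM",
          "Passphrase": "constructed-passphrase", "Salt": "constructed-salt"}

def validate_put(inst):
    """Return the documented rules a candidate Put representation breaks."""
    errors = [f"missing required property {p}"
              for p in ALWAYS_REQUIRED if p not in inst]
    for prop, (lo, hi) in STRING_LIMITS.items():
        if prop in inst and not lo <= len(inst[prop]) <= hi:
            errors.append(f"{prop} length must be {lo}..{hi}")
    has_key, has_pass = "MasterKey" in inst, "Passphrase" in inst
    if has_key == has_pass:
        errors.append("supply exactly one of MasterKey or Passphrase")
    if has_key and len(inst["MasterKey"]) != 16:
        errors.append("MasterKey must be 16 octets (128 bits)")
    # Assumption: Salt is mandatory with Passphrase; IterationCount may be
    # omitted because the page documents a default of 4096 for it.
    if has_pass and "Salt" not in inst:
        errors.append("Passphrase requires Salt")
    if inst.get("IterationCount", 4096) > 4096:
        errors.append("IterationCount exceeds the supported maximum of 4096")
    if not 1 <= inst.get("MaximumClockTolerance", 5) <= 5:
        errors.append("MaximumClockTolerance must be 1..5 minutes")
    return errors

def audit_configured(inst):
    """Return warnings for an instance read back with Get."""
    configured = inst.get("ConfiguredEncryptionAlgorithms", [])
    warnings = []
    if RC4_HMAC in configured:
        warnings.append("RC4-HMAC is configured")
    if AES256 not in configured:
        warnings.append("AES256-CTS-HMAC-SHA1-96 is not configured")
    return warnings
```

Because Intel AMT attempts to enable RC4 regardless of the values supplied, audit_configured is meant to run on the instance returned by Get after the Put, not on the request itself.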


Get

public  Get([OUT]AMT_KerberosSettingData Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets the representation of the instance

Pull

public  Pull([IN]String EnumerationContext, [IN]String MaxElements)
Permission Information:
All users are permitted to use this method; only instances for which the user has permissions will be returned

General Information:
Pulls instances of this class, following an Enumerate operation

Enumerate

public  Enumerate()
Permission Information:
All users permitted to use method

General Information:
Enumerates the instances of this class

Release

public  Release([IN]String EnumerationContext)
Permission Information:
All users permitted to use method

General Information:
Releases an enumeration context

Copyright © 2006-2022, Intel Corporation. All rights reserved.