Class AMT_KerberosSettingData

Used in features: Security Administration
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
   extended by CIM_SettingData
      extended by AMT_KerberosSettingData


class AMT_KerberosSettingData
extends CIM_SettingData

General Information:
The AMT_KerberosSettingData class represents configuration-related and operational parameters for the kerberos service in the Intel(R) AMT.

Qualifiers:
-------------
Version=8.0.0


Supported Fields Summary
 string ElementName
The user-friendly name for this instance of SettingData . . .
 string InstanceID Key
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . .
 string RealmName
Kerberos Realm name.
 string[4] ServicePrincipalName
An array of strings, each of which names a distinct service principal.
 uint16[4] ServicePrincipalProtocol
An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName.
 uint32 KeyVersion
Key version number . . .
 uint16 EncryptionAlgorithm
A 16-bit enumeration value that identifiers the encryption algorithm used in Kerberos authentication.
 uint8[16] MasterKey
A 128-bit binary key value . . .
 uint32 MaximumClockTolerance
The number of minutes by which the clocks of the Intel(R) AMT device and the client and KDC can be out of sync - typically 5 minutes.
 boolean KrbEnabled
Indicates whether Kerberos authentication is enabled or disable.
 string Passphrase
Used when the key generation method is chosen (RFC 3961,3962) . . .
 string Salt
Used when the key generation method is chosen (RFC 3961,3962)
 uint32 IterationCount
Can be used when the key generation method is chosen (RFC 3961,3962)
 uint16[3] SupportedEncryptionAlgorithms
A 16-bit enumeration values that identifier the supported encryption algorithms used in Kerberos authentication.
 uint16[3] ConfiguredEncryptionAlgorithms
A 16-bit enumeration values that identifier the configured encryption algorithms used in Kerberos authentication.

Methods Summary
 uint32 GetCredentialCacheState(Enabled)
GetCredentialCacheState gets the current state of the credential caching functionality
 uint32 SetCredentialCacheState(Enable)
SetCredentialCacheState enables/disables the credential caching functionality
  Put(Instance)
Changes properties of the selected instance
  Get(Instance)
Gets the representation of the instance
  Pull(EnumerationContext, MaxElements)
Pulls instances of this class, following an Enumerate operation
  Enumerate()
Enumerates the instances of this class
  Release(EnumerationContext)
Releases an enumeration context

Field Detail

ElementName

public string ElementName
General Information:
The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is "Intel(r) AMT: Kerberos Settings"

Qualifiers:
-------------
Required
Override=ElementName
MaxLen=64


InstanceID Key

public string InstanceID
General Information:
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is "Intel (r) AMT: Kerberos Settings"

Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=32


RealmName

public string RealmName
General Information:
Kerberos Realm name.

Product Specific Usage:
The realm name is the Domain name which it belongs to.

Qualifiers:
-------------
MinLen=1
MaxLen=64


ServicePrincipalName

public string[4] ServicePrincipalName
General Information:
An array of strings, each of which names a distinct service principal.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases this field is not in use and has no impact

Qualifiers:
-------------
MaxLen=267


ServicePrincipalProtocol

public uint16[4] ServicePrincipalProtocol
General Information:
An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases this field is not in use and has no impact

Qualifiers:
-------------
ValueMap={0, 1, 2, 3}
Values={HTTP Protocol definition, HTTPS Protocol definition, SOL&IDER protocol definition, SOL&IDER protocol definition (using SSL)}


KeyVersion

public uint32 KeyVersion
General Information:
Key version number. User can update the value each time the master key is changed.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases the initial value is 1.


EncryptionAlgorithm

public uint16 EncryptionAlgorithm
General Information:
A 16-bit enumeration value that identifiers the encryption algorithm used in Kerberos authentication.

Qualifiers:
-------------
ValueMap={0}
Values={RC4 encryption and HMAC authentication}


MasterKey

public uint8[16] MasterKey
General Information:
A 128-bit binary key value. MasterKey cannot be used if the key generation method is used (using the Passphrase property)

Qualifiers:
-------------
OctetString
MaxLen=16


MaximumClockTolerance

public uint32 MaximumClockTolerance
General Information:
The number of minutes by which the clocks of the Intel(R) AMT device and the client and KDC can be out of sync - typically 5 minutes.

Product Specific Usage:
The maximum supported value is 5.

Qualifiers:
-------------
ValueMap={1..255}


KrbEnabled

public boolean KrbEnabled
General Information:
Indicates whether Kerberos authentication is enabled or disable.

Qualifiers:
-------------
Required


Passphrase

public string Passphrase
General Information:
Used when the key generation method is chosen (RFC 3961,3962). Salt and IterationCount must be supplied also.

Qualifiers:
-------------
MinLen=1
MaxLen=256


Salt

public string Salt
General Information:
Used when the key generation method is chosen (RFC 3961,3962)

Qualifiers:
-------------
MinLen=1
MaxLen=256


IterationCount

public uint32 IterationCount
General Information:
Can be used when the key generation method is chosen (RFC 3961,3962)

Product Specific Usage:
Maximum supported value (and default value, if not supplied) is 4096.


SupportedEncryptionAlgorithms

public uint16[3] SupportedEncryptionAlgorithms
General Information:
A 16-bit enumeration values that identifier the supported encryption algorithms used in Kerberos authentication.

Qualifiers:
-------------
ValueMap={0, 1, 2, ..}
Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}

Note: While RC4-HMAC is supported, Intel recommends using AES256-CTS-HMAC-SHA1-96.


ConfiguredEncryptionAlgorithms

public uint16[3] ConfiguredEncryptionAlgorithms
General Information:
A 16-bit enumeration values that identifier the configured encryption algorithms used in Kerberos authentication.

Qualifiers:
-------------
ValueMap={0, 1, 2, ..}
Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}

Note: While RC4-HMAC is supported, Intel recommends using AES256-CTS-HMAC-SHA1-96.


Method Detail

GetCredentialCacheState

public uint32 GetCredentialCacheState([OUT]boolean Enabled)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
GetCredentialCacheState gets the current state of the credential caching functionality

Product Specific Usage:
Additional Notes:
1) 'GetCredentialCacheState' is not supported in Intel AMT Release 3.0.

Parameters:
--------------
Enabled
General Information:
Output state of the credential caching functionality

Qualifiers:
-------------
Required
OUT



SetCredentialCacheState

public uint32 SetCredentialCacheState([IN]boolean Enable)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
SetCredentialCacheState enables/disables the credential caching functionality

Product Specific Usage:
Additional Notes:
1) 'SetCredentialCacheState' is not supported in Intel AMT Release 3.0.

Parameters:
--------------
Enable
General Information:
New state of the functionality

Qualifiers:
-------------
Required
IN



Put

public  Put([IN]AMT_KerberosSettingData Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Changes properties of the selected instance

Product Specific Usage:
The following properties must be included in any representation of AMT_KerberosSettingData:

ElementName (cannot be modified)
InstanceID (cannot be modified)
KrbEnabled
MasterKey
MaximumClockTolerance
KeyVersion
EncryptionAlgorithm

In AMT release 8.0 and later, the MasterKey field can be replaced by passphrase, salt and iteration counts fields.


Get

public  Get([OUT]AMT_KerberosSettingData Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets the representation of the instance

Pull

public  Pull([IN]String EnumerationContext, [IN]String MaxElements)
Permission Information:
All users permitted to use method, only instances to whom the user has permissions will be returned

General Information:
Pulls instances of this class, following an Enumerate operation

Enumerate

public  Enumerate()
Permission Information:
All users permitted to use method

General Information:
Enumerates the instances of this class

Release

public  Release([IN]String EnumerationContext)
Permission Information:
All users permitted to use method

General Information:
Releases an enumeration context

Copyright © 2006-2022, Intel Corporation. All rights reserved.