// Copyright (c) 2007-2011, Intel Corporation. All rights reserved. 
   [Version ( "8.0.0" ), 
    Description ( 
       "The AMT_KerberosSettingData class represents "
       "configuration-related and operational parameters for the "
       "kerberos service in the Intel(R) AMT." )]
class AMT_KerberosSettingData : CIM_SettingData {

      [Description ( "Kerberos Realm name." ), 
       MinLen ( 1 ), 
       MaxLen ( 63 )]
   string RealmName;

      [Description ( 
          "An array of strings, each of which names a distinct "
          "service principal." )]
   string ServicePrincipalName[];

      [Description ( 
          "An array of 16-bit enumeration values, each of which "
          "corresponds to the string in the same position of "
          "ServicePrincipalName." ), 
       ValueMap { "0", "1", "2", "3" }, 
       Values { "HTTP Protocol definition", 
          "HTTPS Protocol definition", 
          "SOL&IDER protocol definition", 
          "SOL&IDER protocol definition (using SSL)" }]
   uint16 ServicePrincipalProtocol[];

      [Description ( 
          "Key version number. User can update the value each "
          "time the master key is changed." )]
   uint32 KeyVersion;

      [Description ( 
          "A 16-bit enumeration value that identifiers the "
          "encryption algorithm used in Kerberos authentication." ), 
       ValueMap { "0" }, 
       Values { "RC4 encryption and HMAC authentication" }]
   uint16 EncryptionAlgorithm;

      [Description ( "A 128-bit binary key value. MasterKey cannot be used if the key generation method is used " 
           "(using the Passphrase property)"), 
       OctetString]
   uint8 MasterKey[16];

      [Description ( 
          "The number of minutes by which the clocks of the "
          "Intel(R) AMT device and the client and KDC can be out of "
          "sync - typically 5 minutes." ), 
       ValueMap { "1..255" }]
   uint32 MaximumClockTolerance;

      [Required, Description ( 
          "Indicates whether Kerberos authentication is enabled or disable.")]
   boolean KrbEnabled;

      [Description ( 
          "Used when the key generation method is chosen (RFC 3961,3962). Salt and IterationCount must be supplied also." ),
       MinLen ( 1 ), 
       MaxLen ( 32 )]
   string Passphrase;

      [Description ( 
          "Used when the key generation method is chosen (RFC 3961,3962)" ),
       MinLen ( 1 ), 
       MaxLen ( 255 )]
   string Salt;

      [Description ( 
          "Can be used when the key generation method is chosen (RFC 3961,3962)" )]
   uint32 IterationCount;

      [Description ( 
          "A 16-bit enumeration values that identifier the "
          "supported encryption algorithms used in Kerberos authentication." ), 
       ValueMap { "0", "1", "2", ".." }, 
       Values { "RC4-HMAC", "AES128-CTS-HMAC-SHA1-96", "AES256-CTS-HMAC-SHA1-96", "Reserved" }]
   uint16 SupportedEncryptionAlgorithms[];

      [Description ( 
          "A 16-bit enumeration values that identifier the "
          "configured encryption algorithms used in Kerberos authentication." ), 
       ValueMap { "0", "1", "2", ".." }, 
       Values { "RC4-HMAC", "AES128-CTS-HMAC-SHA1-96", "AES256-CTS-HMAC-SHA1-96", "Reserved" }]
   uint16 ConfiguredEncryptionAlgorithms[];


      [Description ( 
          "GetCredentialCacheState gets the current state of the "
          "credential caching functionality" )]
   uint32 GetCredentialCacheState(
         [Required, OUT, Description ( 
             "Output state of the credential caching functionality"
              )]
      boolean Enabled);

      [Description ( 
          "SetCredentialCacheState enables/disables the credential "
          "caching functionality" )]
   uint32 SetCredentialCacheState(
         [Required, IN, Description ( 
             "New state of the functionality" )]
      boolean Enable);

};