Class: Aws::PcaConnectorAd::Types::EnrollmentFlagsV3

Inherits:

Struct

• Object
• Struct
• Aws::PcaConnectorAd::Types::EnrollmentFlagsV3

Includes:

Structure

Defined in:

lib/aws-sdk-pcaconnectorad/types.rb

Overview

Template configurations for v3 template schema.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #enable_key_reuse_on_nt_token_keyset_storage_full ⇒ Boolean

  Allow renewal using the same key.

• #include_symmetric_algorithms ⇒ Boolean

  Include symmetric algorithms allowed by the subject.

• #no_security_extension ⇒ Boolean

  This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate.

• #remove_invalid_certificate_from_personal_store ⇒ Boolean

  Delete expired or revoked certificates instead of archiving them.

• #user_interaction_required ⇒ Boolean

  Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

Instance Attribute Details

#enable_key_reuse_on_nt_token_keyset_storage_full ⇒ Boolean

Allow renewal using the same key.

Returns:

• (Boolean)

# File 'lib/aws-sdk-pcaconnectorad/types.rb', line 881

class EnrollmentFlagsV3 < Struct.new(
  :enable_key_reuse_on_nt_token_keyset_storage_full,
  :include_symmetric_algorithms,
  :no_security_extension,
  :remove_invalid_certificate_from_personal_store,
  :user_interaction_required)
  SENSITIVE = []
  include Aws::Structure
end

#include_symmetric_algorithms ⇒ Boolean

Include symmetric algorithms allowed by the subject.

Returns:

• (Boolean)

# File 'lib/aws-sdk-pcaconnectorad/types.rb', line 881

class EnrollmentFlagsV3 < Struct.new(
  :enable_key_reuse_on_nt_token_keyset_storage_full,
  :include_symmetric_algorithms,
  :no_security_extension,
  :remove_invalid_certificate_from_personal_store,
  :user_interaction_required)
  SENSITIVE = []
  include Aws::Structure
end

#no_security_extension ⇒ Boolean

This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.

Returns:

• (Boolean)

# File 'lib/aws-sdk-pcaconnectorad/types.rb', line 881

class EnrollmentFlagsV3 < Struct.new(
  :enable_key_reuse_on_nt_token_keyset_storage_full,
  :include_symmetric_algorithms,
  :no_security_extension,
  :remove_invalid_certificate_from_personal_store,
  :user_interaction_required)
  SENSITIVE = []
  include Aws::Structure
end

#remove_invalid_certificate_from_personal_store ⇒ Boolean

Delete expired or revoked certificates instead of archiving them.

Returns:

• (Boolean)

# File 'lib/aws-sdk-pcaconnectorad/types.rb', line 881

class EnrollmentFlagsV3 < Struct.new(
  :enable_key_reuse_on_nt_token_keyset_storage_full,
  :include_symmetric_algorithms,
  :no_security_extension,
  :remove_invalid_certificate_from_personal_store,
  :user_interaction_required)
  SENSITIVE = []
  include Aws::Structure
end

#user_interaction_required ⇒ Boolean

Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

Returns:

• (Boolean)

# File 'lib/aws-sdk-pcaconnectorad/types.rb', line 881

class EnrollmentFlagsV3 < Struct.new(
  :enable_key_reuse_on_nt_token_keyset_storage_full,
  :include_symmetric_algorithms,
  :no_security_extension,
  :remove_invalid_certificate_from_personal_store,
  :user_interaction_required)
  SENSITIVE = []
  include Aws::Structure
end