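// Shared identities and typedefs for AAA (authentication, authorization,
// accounting) data. This module declares no data nodes of its own; it
// provides base/derived identities and one typedef.
module openconfig-aaa-types {

  yang-version "1";

  // namespace
  namespace "http://openconfig.net/yang/aaa/types";

  prefix "oc-aaa-types";

  // import some basic types
  import openconfig-extensions { prefix oc-ext; }


  // meta
  organization "OpenConfig working group";

  contact
    "OpenConfig working group
    www.openconfig.net";

  description
    "This module defines shared types for data related to AAA
    (authentication, authorization, accounting).";

  oc-ext:openconfig-version "0.2.0";

  revision "2017-07-06" {
    description
      "Move to oc-inet types, add IETF attribution, add RADIUS
      counters, changed password leaf names to indicate hashed";
    reference "0.2.0";
  }

  revision "2017-01-29" {
    description
      "Initial public release";
    reference "0.1.0";
  }


  // identity statements

  // No identity in this module derives from AAA_SERVER_TYPE; presumably
  // the concrete server types are declared by importing modules
  // (confirm against the modules that use this base).
  identity AAA_SERVER_TYPE {
    description
      "Base identity for types of AAA servers";
  }


  identity SYSTEM_DEFINED_ROLES {
    description
      "Base identity for system_defined roles that can be assigned
      to users.";
  }

  // The only role derived from SYSTEM_DEFINED_ROLES in this module.
  // Per its description it is superuser-equivalent, so any assignment
  // of it to a user is a privileged change worth auditing.
  identity SYSTEM_ROLE_ADMIN {
    base SYSTEM_DEFINED_ROLES;
    description
      "Built-in role that allows the equivalent of superuser
      permission for all configuration and operational commands
      on the device.";
  }

  identity AAA_ACCOUNTING_EVENT_TYPE {
    description
      "Base identity for specifying events types that should be
      sent to AAA server for accounting";
  }

  identity AAA_ACCOUNTING_EVENT_COMMAND {
    base AAA_ACCOUNTING_EVENT_TYPE;
    description
      "Specifies interactive command events for AAA accounting";
  }

  identity AAA_ACCOUNTING_EVENT_LOGIN {
    base AAA_ACCOUNTING_EVENT_TYPE;
    description
      "Specifies login events for AAA accounting";
  }

  identity AAA_AUTHORIZATION_EVENT_TYPE {
    description
      "Base identity for specifying activities that should be
      sent to AAA server for authorization";
  }

  // The two authorization events below were previously derived from
  // AAA_ACCOUNTING_EVENT_TYPE. With that base, an identityref restricted
  // to AAA_AUTHORIZATION_EVENT_TYPE would accept neither of them, while
  // an identityref restricted to accounting events would accept both.
  // They now derive from the authorization base, as their names and
  // descriptions indicate.
  // NOTE(review): this changes the identity hierarchy; record it in a new
  // revision statement and openconfig-version when the module is published.
  identity AAA_AUTHORIZATION_EVENT_COMMAND {
    base AAA_AUTHORIZATION_EVENT_TYPE;
    description
      "Specifies interactive command events for AAA authorization";
  }

  identity AAA_AUTHORIZATION_EVENT_CONFIG {
    base AAA_AUTHORIZATION_EVENT_TYPE;
    description
      "Specifies configuration (e.g., EXEC) events for AAA
      authorization";
  }

  identity AAA_METHOD_TYPE {
    description
      "Base identity to define well-known methods for AAA
      operations";
  }

  identity TACACS_ALL {
    base AAA_METHOD_TYPE;
    description
      "The group of all TACACS+ servers.";
  }

  identity RADIUS_ALL {
    base AAA_METHOD_TYPE;
    description
      "The group of all RADIUS servers.";
  }

  identity LOCAL {
    base AAA_METHOD_TYPE;
    description
      "Locally configured method for AAA operations.";
  }


  // typedef statements

  // The base type is an unrestricted string: there is no pattern or
  // length statement, so the schema does not check that a value follows
  // the crypt form described below or which hash id it uses. A
  // consumer that needs to reject particular ids has to do so itself.
  // In the table, ids 2a and 2y are the bcrypt variants (Blowfish-based),
  // and id 1 (MD5 crypt) is the weakest scheme listed.
  // A hashed value is still sensitive, because it can be tested against
  // password guesses offline; leaves of this type should be protected
  // like other credentials wherever they are read, logged or exported.
  typedef crypt-password-type {
    type string;
    description
      "A password that is hashed based on the hash algorithm
      indicated by the prefix in the string. The string
      takes the following form, based on the Unix crypt function:

      $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]

      Common hash functions include:

      id | hash function
      ---+---------------
      1 | MD5
      2a| Blowfish
      2y| Blowfish (correct handling of 8-bit chars)
      5 | SHA-256
      6 | SHA-512

      These may not all be supported by a target device.";
  }


}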