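module openconfig-aaa-types {

  // Shared identities and typedefs for the OpenConfig AAA model: server
  // types, built-in roles, accounting/authorization event types, AAA
  // method types, and the hashed-password string type.

  yang-version "1";

  // namespace
  namespace "http://openconfig.net/yang/aaa/types";

  prefix "oc-aaa-types";

  // import some basic types
  import openconfig-extensions { prefix oc-ext; }


  // meta
  organization "OpenConfig working group";

  contact
    "OpenConfig working group
    www.openconfig.net";

  description
    "This module defines shared types for data related to AAA
    (authentication, authorization, accounting).";

  oc-ext:openconfig-version "0.2.0";

  revision "2017-07-06" {
    description
      "Move to oc-inet types, add IETF attribution, add RADIUS
      counters, changed password leaf names to indicate hashed";
    reference "0.2.0";
  }

  revision "2017-01-29" {
    description
      "Initial public release";
    reference "0.1.0";
  }


  // identity statements

  // Base only; no server-type identities are derived from it in this
  // module.
  identity AAA_SERVER_TYPE {
    description
      "Base identity for types of AAA servers";
  }


  identity SYSTEM_DEFINED_ROLES {
    description
      "Base identity for system_defined roles that can be assigned
      to users.";
  }

  // Superuser-equivalent role, and the only system-defined role this
  // module provides. Assignments of it are worth auditing, since no
  // lower-privilege built-in role exists here to fall back on.
  identity SYSTEM_ROLE_ADMIN {
    base SYSTEM_DEFINED_ROLES;
    description
      "Built-in role that allows the equivalent of superuser
      permission for all configuration and operational commands
      on the device.";
  }

  identity AAA_ACCOUNTING_EVENT_TYPE {
    description
      "Base identity for specifying events types that should be
      sent to AAA server for accounting";
  }

  identity AAA_ACCOUNTING_EVENT_COMMAND {
    base AAA_ACCOUNTING_EVENT_TYPE;
    description
      "Specifies interactive command events for AAA accounting";
  }

  identity AAA_ACCOUNTING_EVENT_LOGIN {
    base AAA_ACCOUNTING_EVENT_TYPE;
    description
      "Specifies login events for AAA accounting";
  }

  identity AAA_AUTHORIZATION_EVENT_TYPE {
    description
      "Base identity for specifying activities that should be
      sent to AAA server for authorization";
  }

  // The two authorization identities below derive from
  // AAA_AUTHORIZATION_EVENT_TYPE, not AAA_ACCOUNTING_EVENT_TYPE. With the
  // accounting base, an identityref restricted to
  // AAA_AUTHORIZATION_EVENT_TYPE would have no valid value from this
  // module, and authorization events would be accepted wherever an
  // accounting event type is expected.
  // NOTE(review): this changes which identityrefs accept these values;
  // confirm no consumer relies on them as accounting event types.
  identity AAA_AUTHORIZATION_EVENT_COMMAND {
    base AAA_AUTHORIZATION_EVENT_TYPE;
    description
      "Specifies interactive command events for AAA authorization";
  }

  identity AAA_AUTHORIZATION_EVENT_CONFIG {
    base AAA_AUTHORIZATION_EVENT_TYPE;
    description
      "Specifies configuration (e.g., EXEC) events for AAA
      authorization";
  }

  identity AAA_METHOD_TYPE {
    description
      "Base identity to define well-known methods for AAA
      operations";
  }

  identity TACACS_ALL {
    base AAA_METHOD_TYPE;
    description
      "The group of all TACACS+ servers.";
  }

  identity RADIUS_ALL {
    base AAA_METHOD_TYPE;
    description
      "The group of all RADIUS servers.";
  }

  identity LOCAL {
    base AAA_METHOD_TYPE;
    description
      "Locally configured method for AAA operations.";
  }


  // typedef statements

  // crypt-password-type carries a crypt-style hash string rather than a
  // cleartext password. The typedef is a bare string with no pattern or
  // length restriction, so the model itself does not reject malformed
  // values or cleartext; implementations need to validate the "$<id>$"
  // prefix themselves. Of the ids listed in the description, 1 (MD5) is
  // weak against offline guessing and is best refused for new credentials
  // where the device supports a stronger scheme. Hashed values remain
  // sensitive: restrict read access to leaves of this type.
  typedef crypt-password-type {
    type string;
    description
      "A password that is hashed based on the hash algorithm
      indicated by the prefix in the string. The string
      takes the following form, based on the Unix crypt function:

      $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]

      Common hash functions include:

      id | hash function
      ---+---------------
      1 | MD5
      2a| Blowfish
      2y| Blowfish (correct handling of 8-bit chars)
      5 | SHA-256
      6 | SHA-512

      These may not all be supported by a target device.";
  }


}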