Thomas Vachuska | 8ca75a2 | 2017-08-24 16:12:59 -0700 | [diff] [blame] | 1 | module openconfig-aaa-types { |
| 2 | |
| 3 | yang-version "1"; |
| 4 | |
| 5 | // namespace |
| 6 | namespace "http://openconfig.net/yang/aaa/types"; |
| 7 | |
| 8 | prefix "oc-aaa-types"; |
| 9 | |
| 10 | // import some basic types |
| 11 | import openconfig-extensions { prefix oc-ext; } |
| 12 | |
| 13 | |
| 14 | // meta |
| 15 | organization "OpenConfig working group"; |
| 16 | |
| 17 | contact |
| 18 | "OpenConfig working group |
| 19 | www.openconfig.net"; |
| 20 | |
| 21 | description |
| 22 | "This module defines shared types for data related to AAA |
| 23 | (authentication, authorization, accounting)."; |
| 24 | |
| 25 | oc-ext:openconfig-version "0.2.0"; |
| 26 | |
| 27 | revision "2017-07-06" { |
| 28 | description |
| 29 | "Move to oc-inet types, add IETF attribution, add RADIUS |
| 30 | counters, changed password leaf names to indicate hashed"; |
| 31 | reference "0.2.0"; |
| 32 | } |
| 33 | |
| 34 | revision "2017-01-29" { |
| 35 | description |
| 36 | "Initial public release"; |
| 37 | reference "0.1.0"; |
| 38 | } |
| 39 | |
| 40 | |
| 41 | // identity statements |
| 42 | |
| 43 | identity AAA_SERVER_TYPE { |
| 44 | description |
| 45 | "Base identity for types of AAA servers"; |
| 46 | } |
| 47 | |
| 48 | |
| 49 | identity SYSTEM_DEFINED_ROLES { |
| 50 | description |
| 51 | "Base identity for system_defined roles that can be assigned |
| 52 | to users."; |
| 53 | } |
| 54 | |
| 55 | identity SYSTEM_ROLE_ADMIN { |
| 56 | base SYSTEM_DEFINED_ROLES; |
| 57 | description |
| 58 | "Built-in role that allows the equivalent of superuser |
| 59 | permission for all configuration and operational commands |
| 60 | on the device."; |
| 61 | } |
| 62 | |
| 63 | identity AAA_ACCOUNTING_EVENT_TYPE { |
| 64 | description |
| 65 | "Base identity for specifying events types that should be |
| 66 | sent to AAA server for accounting"; |
| 67 | } |
| 68 | |
| 69 | identity AAA_ACCOUNTING_EVENT_COMMAND { |
| 70 | base AAA_ACCOUNTING_EVENT_TYPE; |
| 71 | description |
| 72 | "Specifies interactive command events for AAA accounting"; |
| 73 | } |
| 74 | |
| 75 | identity AAA_ACCOUNTING_EVENT_LOGIN { |
| 76 | base AAA_ACCOUNTING_EVENT_TYPE; |
| 77 | description |
| 78 | "Specifies login events for AAA accounting"; |
| 79 | } |
| 80 | |
| 81 | identity AAA_AUTHORIZATION_EVENT_TYPE { |
| 82 | description |
| 83 | "Base identity for specifying activities that should be |
| 84 | sent to AAA server for authorization"; |
| 85 | } |
| 86 | |
| 87 | identity AAA_AUTHORIZATION_EVENT_COMMAND { |
| 88 | base AAA_ACCOUNTING_EVENT_TYPE; |
| 89 | description |
| 90 | "Specifies interactive command events for AAA authorization"; |
| 91 | } |
| 92 | |
| 93 | identity AAA_AUTHORIZATION_EVENT_CONFIG { |
| 94 | base AAA_ACCOUNTING_EVENT_TYPE; |
| 95 | description |
| 96 | "Specifies configuration (e.g., EXEC) events for AAA |
| 97 | authorization"; |
| 98 | } |
| 99 | |
| 100 | identity AAA_METHOD_TYPE { |
| 101 | description |
| 102 | "Base identity to define well-known methods for AAA |
| 103 | operations"; |
| 104 | } |
| 105 | |
| 106 | identity TACACS_ALL { |
| 107 | base AAA_METHOD_TYPE; |
| 108 | description |
| 109 | "The group of all TACACS+ servers."; |
| 110 | } |
| 111 | |
| 112 | identity RADIUS_ALL { |
| 113 | base AAA_METHOD_TYPE; |
| 114 | description |
| 115 | "The group of all RADIUS servers."; |
| 116 | } |
| 117 | |
| 118 | identity LOCAL { |
| 119 | base AAA_METHOD_TYPE; |
| 120 | description |
| 121 | "Locally configured method for AAA operations."; |
| 122 | } |
| 123 | |
| 124 | |
| 125 | // typedef statements |
| 126 | |
| 127 | typedef crypt-password-type { |
| 128 | type string; |
| 129 | description |
| 130 | "A password that is hashed based on the hash algorithm |
| 131 | indicated by the prefix in the string. The string |
| 132 | takes the following form, based on the Unix crypt function: |
| 133 | |
| 134 | $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]] |
| 135 | |
| 136 | Common hash functions include: |
| 137 | |
| 138 | id | hash function |
| 139 | ---+--------------- |
| 140 | 1 | MD5 |
| 141 | 2a| Blowfish |
| 142 | 2y| Blowfish (correct handling of 8-bit chars) |
| 143 | 5 | SHA-256 |
| 144 | 6 | SHA-512 |
| 145 | |
| 146 | These may not all be supported by a target device."; |
| 147 | } |
| 148 | |
| 149 | |
| 150 | } |