aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/yang/openconfig/openconfig-aaa-types.yang
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/yang/openconfig/openconfig-aaa-types.yang')
-rw-r--r--src/plugins/yang/openconfig/openconfig-aaa-types.yang162
1 files changed, 162 insertions, 0 deletions
diff --git a/src/plugins/yang/openconfig/openconfig-aaa-types.yang b/src/plugins/yang/openconfig/openconfig-aaa-types.yang
new file mode 100644
index 0000000..41bd5d9
--- /dev/null
+++ b/src/plugins/yang/openconfig/openconfig-aaa-types.yang
@@ -0,0 +1,162 @@
+module openconfig-aaa-types {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/aaa/types";
+
+ prefix "oc-aaa-types";
+
+ // import some basic types
+ import openconfig-extensions { prefix oc-ext; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines shared types for data related to AAA
+ (authentication, authorization, accounting).";
+
+ oc-ext:openconfig-version "0.4.0";
+
+ revision "2018-04-12" {
+ description
+ "Add when conditions, correct identities";
+ reference "0.4.0";
+ }
+
+ revision "2017-09-18" {
+ description
+ "Updated to use OpenConfig types modules";
+ reference "0.3.0";
+ }
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+
+ // identity statements
+
+ identity AAA_SERVER_TYPE {
+ description
+ "Base identity for types of AAA servers";
+ }
+
+
+ identity SYSTEM_DEFINED_ROLES {
+ description
+ "Base identity for system_defined roles that can be assigned
+ to users.";
+ }
+
+ identity SYSTEM_ROLE_ADMIN {
+ base SYSTEM_DEFINED_ROLES;
+ description
+ "Built-in role that allows the equivalent of superuser
+ permission for all configuration and operational commands
+ on the device.";
+ }
+
+ identity AAA_ACCOUNTING_EVENT_TYPE {
+ description
+ "Base identity for specifying events types that should be
+ sent to AAA server for accounting";
+ }
+
+ identity AAA_ACCOUNTING_EVENT_COMMAND {
+ base AAA_ACCOUNTING_EVENT_TYPE;
+ description
+ "Specifies interactive command events for AAA accounting";
+ }
+
+ identity AAA_ACCOUNTING_EVENT_LOGIN {
+ base AAA_ACCOUNTING_EVENT_TYPE;
+ description
+ "Specifies login events for AAA accounting";
+ }
+
+ identity AAA_AUTHORIZATION_EVENT_TYPE {
+ description
+ "Base identity for specifying activities that should be
+ sent to AAA server for authorization";
+ }
+
+ identity AAA_AUTHORIZATION_EVENT_COMMAND {
+ base AAA_AUTHORIZATION_EVENT_TYPE;
+ description
+ "Specifies interactive command events for AAA authorization";
+ }
+
+ identity AAA_AUTHORIZATION_EVENT_CONFIG {
+ base AAA_AUTHORIZATION_EVENT_TYPE;
+ description
+ "Specifies configuration (e.g., EXEC) events for AAA
+ authorization";
+ }
+
+ identity AAA_METHOD_TYPE {
+ description
+ "Base identity to define well-known methods for AAA
+ operations";
+ }
+
+ identity TACACS_ALL {
+ base AAA_METHOD_TYPE;
+ description
+ "The group of all TACACS+ servers.";
+ }
+
+ identity RADIUS_ALL {
+ base AAA_METHOD_TYPE;
+ description
+ "The group of all RADIUS servers.";
+ }
+
+ identity LOCAL {
+ base AAA_METHOD_TYPE;
+ description
+ "Locally configured method for AAA operations.";
+ }
+
+
+ // typedef statements
+
+ typedef crypt-password-type {
+ type string;
+ description
+ "A password that is hashed based on the hash algorithm
+ indicated by the prefix in the string. The string
+ takes the following form, based on the Unix crypt function:
+
+ $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
+
+ Common hash functions include:
+
+ id | hash function
+ ---+---------------
+ 1 | MD5
+ 2a| Blowfish
+ 2y| Blowfish (correct handling of 8-bit chars)
+ 5 | SHA-256
+ 6 | SHA-512
+
+ These may not all be supported by a target device.";
+ }
+
+
+}