diff options
Diffstat (limited to 'src/plugins/yang/openconfig/openconfig-aaa-types.yang')
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-aaa-types.yang | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/src/plugins/yang/openconfig/openconfig-aaa-types.yang b/src/plugins/yang/openconfig/openconfig-aaa-types.yang new file mode 100644 index 0000000..41bd5d9 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-aaa-types.yang @@ -0,0 +1,162 @@ +module openconfig-aaa-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/aaa/types"; + + prefix "oc-aaa-types"; + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines shared types for data related to AAA + (authentication, authorization, accounting)."; + + oc-ext:openconfig-version "0.4.0"; + + revision "2018-04-12" { + description + "Add when conditions, correct identities"; + reference "0.4.0"; + } + + revision "2017-09-18" { + description + "Updated to use OpenConfig types modules"; + reference "0.3.0"; + } + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + + // identity statements + + identity AAA_SERVER_TYPE { + description + "Base identity for types of AAA servers"; + } + + + identity SYSTEM_DEFINED_ROLES { + description + "Base identity for system_defined roles that can be assigned + to users."; + } + + identity SYSTEM_ROLE_ADMIN { + base SYSTEM_DEFINED_ROLES; + description + "Built-in role that allows the equivalent of superuser + permission for all configuration and operational commands + on the device."; + } + + identity AAA_ACCOUNTING_EVENT_TYPE { + description + "Base identity for specifying events types that should be + sent to AAA server for accounting"; + } + + identity AAA_ACCOUNTING_EVENT_COMMAND { + base AAA_ACCOUNTING_EVENT_TYPE; + description + "Specifies interactive command events for AAA accounting"; + } + + identity AAA_ACCOUNTING_EVENT_LOGIN { + base AAA_ACCOUNTING_EVENT_TYPE; + description + "Specifies login events for AAA accounting"; + } + + identity AAA_AUTHORIZATION_EVENT_TYPE { + description + "Base identity for specifying activities that should be + sent to AAA server for authorization"; + } + + identity AAA_AUTHORIZATION_EVENT_COMMAND { + base AAA_AUTHORIZATION_EVENT_TYPE; + description + "Specifies interactive command events for AAA authorization"; + } + + identity AAA_AUTHORIZATION_EVENT_CONFIG { + base AAA_AUTHORIZATION_EVENT_TYPE; + description + "Specifies configuration (e.g., EXEC) events for AAA + authorization"; + } + + identity AAA_METHOD_TYPE { + description + "Base identity to define well-known methods for AAA + operations"; + } + + identity TACACS_ALL { + base AAA_METHOD_TYPE; + description + "The group of all TACACS+ servers."; + } + + identity RADIUS_ALL { + base AAA_METHOD_TYPE; + description + "The group of all RADIUS servers."; + } + + identity LOCAL { + base AAA_METHOD_TYPE; + description + "Locally configured method for AAA operations."; + } + + + // typedef statements + + typedef crypt-password-type { + type string; + description + "A password that is hashed based on the hash algorithm + indicated by the prefix in the string. The string + takes the following form, based on the Unix crypt function: + + $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]] + + Common hash functions include: + + id | hash function + ---+--------------- + 1 | MD5 + 2a| Blowfish + 2y| Blowfish (correct handling of 8-bit chars) + 5 | SHA-256 + 6 | SHA-512 + + These may not all be supported by a target device."; + } + + +} |