// Shared type definitions for AAA (authentication, authorization,
// accounting): a set of identities plus one typedef for crypt-style hashed
// passwords. The module declares no data nodes of its own.
module openconfig-aaa-types {
yang-version "1";
// XML namespace and the prefix other modules use to reference these types
namespace "http://openconfig.net/yang/aaa/types";
prefix "oc-aaa-types";
// openconfig-extensions supplies the oc-ext:openconfig-version statement
// used below
import openconfig-extensions { prefix oc-ext; }
// module metadata
organization "OpenConfig working group";
contact
"OpenConfig working group
www.openconfig.net";
description
"This module defines shared types for data related to AAA
(authentication, authorization, accounting).";
// semantic version of the module; matches the newest revision's reference
oc-ext:openconfig-version "0.4.0";
// revision history, newest first
revision "2018-04-12" {
description
"Add when conditions, correct identities";
reference "0.4.0";
}
revision "2017-09-18" {
description
"Updated to use OpenConfig types modules";
reference "0.3.0";
}
revision "2017-07-06" {
description
"Move to oc-inet types, add IETF attribution, add RADIUS
counters, changed password leaf names to indicate hashed";
reference "0.2.0";
}
revision "2017-01-29" {
description
"Initial public release";
reference "0.1.0";
}
// identity statements
// AAA_SERVER_TYPE has no derived identities in this module; presumably the
// protocol-specific modules (RADIUS, TACACS+) derive from it -- confirm
// against the importing modules.
identity AAA_SERVER_TYPE {
description
"Base identity for types of AAA servers";
}
// Base for built-in user roles.
identity SYSTEM_DEFINED_ROLES {
description
"Base identity for system_defined roles that can be assigned
to users.";
}
// The only role derived from SYSTEM_DEFINED_ROLES in this module. Because it
// is described as superuser-equivalent, any user entry that references it is
// a natural item for access reviews and configuration audits.
identity SYSTEM_ROLE_ADMIN {
base SYSTEM_DEFINED_ROLES;
description
"Built-in role that allows the equivalent of superuser
permission for all configuration and operational commands
on the device.";
}
// Accounting: which event classes are reported to the AAA server.
identity AAA_ACCOUNTING_EVENT_TYPE {
description
"Base identity for specifying events types that should be
sent to AAA server for accounting";
}
identity AAA_ACCOUNTING_EVENT_COMMAND {
base AAA_ACCOUNTING_EVENT_TYPE;
description
"Specifies interactive command events for AAA accounting";
}
identity AAA_ACCOUNTING_EVENT_LOGIN {
base AAA_ACCOUNTING_EVENT_TYPE;
description
"Specifies login events for AAA accounting";
}
// Authorization: which activities are sent to the AAA server for a
// permit/deny decision.
identity AAA_AUTHORIZATION_EVENT_TYPE {
description
"Base identity for specifying activities that should be
sent to AAA server for authorization";
}
identity AAA_AUTHORIZATION_EVENT_COMMAND {
base AAA_AUTHORIZATION_EVENT_TYPE;
description
"Specifies interactive command events for AAA authorization";
}
identity AAA_AUTHORIZATION_EVENT_CONFIG {
base AAA_AUTHORIZATION_EVENT_TYPE;
description
"Specifies configuration (e.g., EXEC) events for AAA
authorization";
}
// Well-known AAA methods: all TACACS+ servers, all RADIUS servers, or the
// locally configured method.
// NOTE(review): this module only names the methods; the order in which they
// are tried and any fallback to LOCAL are defined by the model that uses
// these identities, not here.
identity AAA_METHOD_TYPE {
description
"Base identity to define well-known methods for AAA
operations";
}
identity TACACS_ALL {
base AAA_METHOD_TYPE;
description
"The group of all TACACS+ servers.";
}
identity RADIUS_ALL {
base AAA_METHOD_TYPE;
description
"The group of all RADIUS servers.";
}
identity LOCAL {
base AAA_METHOD_TYPE;
description
"Locally configured method for AAA operations.";
}
// typedef statements
// Hashed password in Unix crypt "$<id>$..." form; the id prefix selects the
// hash function.
// NOTE(review): the base type is a plain string with no pattern or length
// restriction, so the schema itself does not enforce the documented format
// and would accept a cleartext value; that check has to be made by the
// implementation.
// NOTE(review): id 1 (MD5-crypt) is no longer considered adequate for new
// deployments; prefer 5, 6 or 2y where the target device supports them. A
// hashed value is still sensitive (it can be guessed offline), so leaves of
// this type should be access-controlled in backups and telemetry.
typedef crypt-password-type {
type string;
description
"A password that is hashed based on the hash algorithm
indicated by the prefix in the string. The string
takes the following form, based on the Unix crypt function:
$<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
Common hash functions include:
id | hash function
---+---------------
1 | MD5
2a| Blowfish
2y| Blowfish (correct handling of 8-bit chars)
5 | SHA-256
6 | SHA-512
These may not all be supported by a target device.";
}
}