netconfcentral logo

openconfig-aaa-types@2018-11-21



  module openconfig-aaa-types {

    yang-version 1;

    namespace
      "http://openconfig.net/yang/aaa/types";

    prefix oc-aaa-types;

    import openconfig-extensions {
      prefix oc-ext;
    }

    organization "OpenConfig working group";

    contact
      "OpenConfig working group
www.openconfig.net";

    description
      "This module defines shared types for data related to AAA
(authentication, authorization, accounting).";

    revision "2018-11-21" {
      description
        "Add OpenConfig module metadata extensions.";
      reference
        "0.4.1";

    }

    revision "2018-04-12" {
      description
        "Add when conditions, correct identities";
      reference
        "0.4.0";

    }

    revision "2017-09-18" {
      description
        "Updated to use OpenConfig types modules";
      reference
        "0.3.0";

    }

    revision "2017-07-06" {
      description
        "Move to oc-inet types, add IETF attribution, add RADIUS
counters, changed password leaf names to indicate hashed";
      reference
        "0.2.0";

    }

    revision "2017-01-29" {
      description "Initial public release";
      reference
        "0.1.0";

    }

    oc-ext:openconfig-version "0.4.1";
    oc-ext:regexp-posix;
    oc-ext:catalog-organization "openconfig";
    oc-ext:origin "openconfig";

    identity AAA_SERVER_TYPE {
      base 
      description
        "Base identity for types of AAA servers";
    }

    identity SYSTEM_DEFINED_ROLES {
      base 
      description
        "Base identity for system_defined roles that can be assigned
to users.";
    }

    identity SYSTEM_ROLE_ADMIN {
      base SYSTEM_DEFINED_ROLES;
      description
        "Built-in role that allows the equivalent of superuser
permission for all configuration and operational commands
on the device.";
    }

    identity AAA_ACCOUNTING_EVENT_TYPE {
      base 
      description
        "Base identity for specifying events types that should be
sent to AAA server for accounting";
    }

    identity AAA_ACCOUNTING_EVENT_COMMAND {
      base AAA_ACCOUNTING_EVENT_TYPE;
      description
        "Specifies interactive command events for AAA accounting";
    }

    identity AAA_ACCOUNTING_EVENT_LOGIN {
      base AAA_ACCOUNTING_EVENT_TYPE;
      description
        "Specifies login events for AAA accounting";
    }

    identity AAA_AUTHORIZATION_EVENT_TYPE {
      base 
      description
        "Base identity for specifying activities that should be
sent to AAA server for authorization";
    }

    identity AAA_AUTHORIZATION_EVENT_COMMAND {
      base AAA_AUTHORIZATION_EVENT_TYPE;
      description
        "Specifies interactive command events for AAA authorization";
    }

    identity AAA_AUTHORIZATION_EVENT_CONFIG {
      base AAA_AUTHORIZATION_EVENT_TYPE;
      description
        "Specifies configuration (e.g., EXEC) events for AAA
authorization";
    }

    identity AAA_METHOD_TYPE {
      base 
      description
        "Base identity to define well-known methods for AAA
operations";
    }

    identity TACACS_ALL {
      base AAA_METHOD_TYPE;
      description
        "The group of all TACACS+ servers.";
    }

    identity RADIUS_ALL {
      base AAA_METHOD_TYPE;
      description
        "The group of all RADIUS servers.";
    }

    identity LOCAL {
      base AAA_METHOD_TYPE;
      description
        "Locally configured method for AAA operations.";
    }

    typedef crypt-password-type {
      type string;
      description
        "A password that is hashed based on the hash algorithm
indicated by the prefix in the string.  The string
takes the following form, based on the Unix crypt function:

$<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]

Common hash functions include:

id  | hash function
---+---------------
 1 | MD5
 2a| Blowfish
 2y| Blowfish (correct handling of 8-bit chars)
 5 | SHA-256
 6 | SHA-512

These may not all be supported by a target device.";
    }
  }  // module openconfig-aaa-types