netconfcentral logo

openconfig-aaa-types@2017-09-18



  module openconfig-aaa-types {

    yang-version 1;

    namespace
      "http://openconfig.net/yang/aaa/types";

    prefix oc-aaa-types;

    import openconfig-extensions {
      prefix oc-ext;
    }

    organization "OpenConfig working group";

    contact
      "OpenConfig working group
    www.openconfig.net";

    description
      "This module defines shared types for data related to AAA
    (authentication, authorization, accounting).";

    revision "2017-09-18" {
      description
        "Updated to use OpenConfig types modules";
      reference
        "0.3.0";

    }

    revision "2017-07-06" {
      description
        "Move to oc-inet types, add IETF attribution, add RADIUS
      counters, changed password leaf names to indicate hashed";
      reference
        "0.2.0";

    }

    revision "2017-01-29" {
      description "Initial public release";
      reference
        "0.1.0";

    }

    oc-ext:openconfig-version "0.3.0";

    identity AAA_SERVER_TYPE {
      base 
      description
        "Base identity for types of AAA servers";
    }

    identity SYSTEM_DEFINED_ROLES {
      base 
      description
        "Base identity for system_defined roles that can be assigned
      to users.";
    }

    identity SYSTEM_ROLE_ADMIN {
      base SYSTEM_DEFINED_ROLES;
      description
        "Built-in role that allows the equivalent of superuser
      permission for all configuration and operational commands
      on the device.";
    }

    identity AAA_ACCOUNTING_EVENT_TYPE {
      base 
      description
        "Base identity for specifying events types that should be
      sent to AAA server for accounting";
    }

    identity AAA_ACCOUNTING_EVENT_COMMAND {
      base AAA_ACCOUNTING_EVENT_TYPE;
      description
        "Specifies interactive command events for AAA accounting";
    }

    identity AAA_ACCOUNTING_EVENT_LOGIN {
      base AAA_ACCOUNTING_EVENT_TYPE;
      description
        "Specifies login events for AAA accounting";
    }

    identity AAA_AUTHORIZATION_EVENT_TYPE {
      base 
      description
        "Base identity for specifying activities that should be
      sent to AAA server for authorization";
    }

    identity AAA_AUTHORIZATION_EVENT_COMMAND {
      base AAA_ACCOUNTING_EVENT_TYPE;
      description
        "Specifies interactive command events for AAA authorization";
    }

    identity AAA_AUTHORIZATION_EVENT_CONFIG {
      base AAA_ACCOUNTING_EVENT_TYPE;
      description
        "Specifies configuration (e.g., EXEC) events for AAA
      authorization";
    }

    identity AAA_METHOD_TYPE {
      base 
      description
        "Base identity to define well-known methods for AAA
      operations";
    }

    identity TACACS_ALL {
      base AAA_METHOD_TYPE;
      description
        "The group of all TACACS+ servers.";
    }

    identity RADIUS_ALL {
      base AAA_METHOD_TYPE;
      description
        "The group of all RADIUS servers.";
    }

    identity LOCAL {
      base AAA_METHOD_TYPE;
      description
        "Locally configured method for AAA operations.";
    }

    typedef crypt-password-type {
      type string;
      description
        "A password that is hashed based on the hash algorithm
      indicated by the prefix in the string.  The string
      takes the following form, based on the Unix crypt function:

      $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]

      Common hash functions include:

      id  | hash function
       ---+---------------
        1 | MD5
        2a| Blowfish
        2y| Blowfish (correct handling of 8-bit chars)
        5 | SHA-256
        6 | SHA-512

      These may not all be supported by a target device.";
    }
  }  // module openconfig-aaa-types