This module contains definitions for management of security feature defaults used for user account provisioning as well as system-wide security feature settings.
Version: 2018-07-18
module fujitsu-user-security {
  // Data model for local user accounts, user groups, system-wide AAA/password
  // policy settings, login banners and a change-password RPC. A large part of
  // the tree is marked "status deprecated".
  yang-version 1;
  namespace "urn:fujitsu:params:xml:ns:yang:usersecurity";
  prefix secu;

  // All security-relevant value constraints (password, username, group,
  // authentication-type ...) live in this typedef module, which is not part of
  // this file; none of their ranges or patterns can be read from here.
  import fujitsu-user-security-typedefs {
    prefix usersecu-type;
  }
  // NOTE(review): no "taa:" reference appears anywhere in this module; the
  // import looks unused - confirm before removing.
  import tailf-aaa {
    prefix taa;
  }

  organization "Fujitsu Ltd.";
  contact "Fujitsu Ltd. Address: 2801 Telecom Parkway Richardson, Texas 75082 Tel: +1-800-USE-FTAC (1-800-873-3822) Email: ftac@fnc.fujitsu.com Web: www.fujitsu.com/us/services/telecom";
  description "This module contains definitions for managment of security feature defaults used for user account provisioning as well as system wide security feature settings. Copyright (c) 2015 Fujitsu Ltd. All rights reserved. ";

  revision "2018-07-18" {
    description "Deprecated unused security params";
  }
  revision "2017-12-22" {
    description "Crypt password type modified";
  }
  revision "2017-11-06" {
    description "Modifies the descriptions for level-2 and level-3 Users";
  }
  revision "2017-10-13" {
    description "Added missing help strings for Systemwide Security elements";
  }
  revision "2017-09-27" {
    description "deprecated all unused read-write elements from security yang and removed all invisible and read-only unused elements";
  }
  revision "2017-07-05" {
    description "Security Yang performance improvement";
  }
  revision "2017-06-08" {
    description "Added description for Authentication order";
  }
  revision "2017-06-06" {
    description "Moved authentication-order precondition from data model";
  }
  revision "2017-05-26" {
    description "Added support for configuring Accounting Order";
  }
  revision "2017-05-05" {
    description "updated must statement and min-elements under authentication-order to support tacacs or radius only cases";
  }
  revision "2017-03-29" {
    description "cli preformat support removed for pre-login-banner and post-login-banner";
  }
  revision "2017-03-20" {
    description "Validation check for authentication order";
  }
  revision "2016-11-21" {
    description "Updated for configurable banner support";
  }
  revision "2016-11-04" {
    description "Modified the type to 
password-type for each leaf of rpc change-password";
  }
  revision "2015-09-30";

  container security {
    description "Security related Configurations";

    // Deprecated per-account provisioning defaults. Every leaf is still
    // "mandatory true", so the schema requires a value for each of them
    // whenever this container is instantiated.
    container defaults {
      status deprecated;
      leaf uage {
        type usersecu-type:uage-type;
        mandatory true;
        status deprecated;
        description "(Deprecated) Use 'set security systemwide username-minimum-length <>' instead";
      }
      leaf page {
        type usersecu-type:page-type;
        mandatory true;
        status deprecated;
        description "(Deprecated) Use 'set security systemwide password-minimum-length <>' instead";
      }
      leaf minit {
        type usersecu-type:minit-type;
        mandatory true;
        status deprecated;
      }
      leaf reauth {
        type usersecu-type:reauth-type;
        mandatory true;
        status deprecated;
      }
      // NOTE(review): neither the unit nor the meaning of 0 is stated here;
      // presumably 0 disables the idle timeout - confirm.
      leaf idle-timeout {
        type uint64 {
          range "0 .. 8192";
        }
        mandatory true;
        status deprecated;
      }
    } // container defaults

    // System-wide security settings currently in use, followed by the
    // deprecated leaves they replaced.
    container systemwide {
      // Ordered list of one to three AAA sources; "ordered-by user" means the
      // configured sequence is preserved as entered. No must/when constraint
      // on the sequence exists in this module (revision 2017-06-06 records
      // moving the precondition out of the data model).
      // NOTE(review): what happens when an earlier source is unreachable
      // versus when it rejects the credentials is not defined here - confirm
      // in the implementation.
      leaf-list authentication-order {
        type usersecu-type:authentication-type;
        min-elements 1;
        max-elements 3;
        ordered-by user;
        description "AAA authentication order defines the destination hierarchy for authentication and authorization";
      }
      // Unlike authentication-order there is no min-elements, so an empty
      // list is schema-valid.
      // NOTE(review): confirm whether an empty list leaves accounting audit
      // logging without any destination.
      leaf-list accounting-order {
        type usersecu-type:accounting-type;
        max-elements 2;
        ordered-by user;
        description "AAA accounting order defines the destination hierarchy for accounting audit logging";
      }
      // Allowed range comes from umin-type in the typedef module.
      leaf username-minimum-length {
        type usersecu-type:umin-type;
        description "Minimum Username length";
      }
      // Allowed range (and therefore the weakest permitted minimum) comes
      // from pmin-type in the typedef module.
      leaf password-minimum-length {
        type usersecu-type:pmin-type;
        description "Minimum Password length";
      }
      // What BASIC and ENHANCED each enforce is not defined in this module.
      leaf password-mode {
        type usersecu-type:pcontent-type;
        description "Determines the allowed password content - BASIC or ENHANCED";
      }
      // NOTE(review): the default text shown before authentication names the
      // vendor and product, while the unauthorized-use notice is the default
      // of post-login-banner and is therefore only shown after a successful
      // login. Deployments may want to review both defaults.
      leaf pre-login-banner {
        type string {
          length "0..1600";
        }
        default "Welcome to the FUJITSU 1FINITY Copyright Fujitsu Network Communications";
        description "Pre-login banner that is to be displayed before user enters the login details";
      }
      leaf post-login-banner {
        type string {
          length "0..1600";
        }
        default "NOTICE: THIS IS A PRIVATE COMPUTER SYSTEM. 
UNAUTHORIZED ACCESS OR USE MAY LEAD TO PROSECUTION.";
        description "Post-login banner that is to be displayed after successful login";
      }

      // ---- deprecated leaves below ----
      leaf uage {
        type usersecu-type:uage-type;
        default "OFF";
        status deprecated;
        description "(Deprecated) Systemwide user account aging";
      }
      leaf umin {
        type usersecu-type:umin-type;
        status deprecated;
        description "(Deprecated) Use 'set security systemwide username-minimum-length <>' instead";
      }
      leaf pmin {
        type usersecu-type:pmin-type;
        status deprecated;
        description "(Deprecated) Use 'set security systemwide password-minimum-length <>' instead";
      }
      leaf pcontent {
        type usersecu-type:pcontent-type;
        status deprecated;
        description "(Deprecated) Use 'set security systemwide password-mode <>' instead";
      }
      // prot, smt, dural, maxinv and lastlogin describe password rotation,
      // concurrent sessions, account lockout and last-login reporting. Unlike
      // umin/pmin/pcontent above, their descriptions name no replacement leaf.
      // NOTE(review): confirm where lockout after failed logins and password
      // rotation are configured and enforced now that these are deprecated.
      leaf prot {
        type usersecu-type:prot-type;
        status deprecated;
        description "(Deprecated) Password Rotation";
      }
      leaf smt {
        type usersecu-type:smt-type;
        status deprecated;
        description "(Deprecated) Provides permission to have multiple sessions";
      }
      leaf dural {
        type usersecu-type:dural-type;
        status deprecated;
        description "(Deprecated) Duration of account lockout after maximum number of unsuccessful user login attempts";
      }
      leaf maxinv {
        type usersecu-type:maxinv-type;
        status deprecated;
        description "(Deprecated) Maximum number of unsuccessful user login attempts before account gets locked out";
      }
      leaf lastlogin {
        type usersecu-type:lastlogin-type;
        status deprecated;
        description "(Deprecated) Timestamp of the last login and number of login failures since last successful login";
      }
      leaf warn {
        type usersecu-type:warn-type;
        status deprecated;
        description "(Deprecated) Set warning message";
      }
      leaf debug {
        type usersecu-type:yORn-type;
        status deprecated;
        description "(Deprecated) Enable Debugging level Message";
      }
    } // container systemwide
  } // container security

  // Group table referenced by the "must" on /users/user/group: a user can
  // only be assigned a group that has an entry in this list.
  list usergrp {
    key "group";
    description "User group related configurations";
    leaf group {
      type usersecu-type:group-type;
    }
    leaf gid {
      type int32;
    }
  } // list usergrp

  // Deprecated per-user security overrides, keyed by a username that must
  // already exist under /users/user.
  list usersec {
    key
    "username";
    status deprecated;
    description "User security related configurations";
    leaf username {
      type usersecu-type:username-type;
      must "/secu:users/secu:user[secu:username=current()]/secu:username = current()" {
        error-message "Entered username must already be provisioned in users.";
      }
      status deprecated;
    }
    leaf uage {
      type usersecu-type:uage-type;
      status deprecated;
    }
    leaf page {
      type usersecu-type:page-type;
      status deprecated;
    }
    // Read-only (config false) and only present while the sibling "page"
    // leaf is not 'OFF'.
    leaf pidout {
      when "../page != 'OFF'";
      type int32;
      config false;
      status deprecated;
    }
    leaf minit {
      type usersecu-type:minit-type;
      status deprecated;
    }
    leaf reauth {
      type usersecu-type:reauth-type;
      status deprecated;
    }
    // Unrestricted int32 here, whereas security/defaults/idle-timeout is
    // uint64 with range 0..8192; negative values are schema-valid.
    leaf idle-timeout {
      type int32;
      status deprecated;
    }
  } // list usersec

  container users {
    // Rejects any configuration in which no user with group 'level-4' or
    // 'level-6' has adminState 'allow'. The second operand of "or" is a bare
    // node-set, which XPath converts to boolean in the same way as the
    // explicit boolean() around the first operand.
    // NOTE(review): presumably level-4 and level-6 are the administrative
    // levels and this guards against locking every administrator out -
    // confirm. The check covers only group and adminState; it does not
    // require the matching user to have password or crypt-password set.
    must "boolean(/secu:users/secu:user[(secu:group='level-4') and (secu:adminState='allow')] ) or (/secu:users/secu:user[(secu:group='level-6') and (secu:adminState='allow')])" {
      error-message "Atleast one Level-4 or Level-6 user with allow admin state must be present";
    }
    description "Users related configurations";
    list user {
      key "username";
      max-elements 100;
      // "mandatory" on a key leaf has no additional effect; list keys are
      // always required.
      leaf username {
        type usersecu-type:username-type;
        mandatory true;
      }
      // Neither crypt-password nor password is mandatory, so the schema
      // accepts a user entry that carries no credential at all.
      // NOTE(review): confirm how the system treats such an account.
      leaf crypt-password {
        type usersecu-type:crypt-password-type;
      }
      // NOTE(review): password-type is defined in the typedef module. Confirm
      // that a value written here is not kept or returned in clear text
      // (running configuration reads, configuration backups, logs).
      leaf password {
        type usersecu-type:password-type;
      }
      // The group must match an existing /usergrp entry.
      leaf group {
        type usersecu-type:group-type;
        must "/secu:usergrp[secu:group=current()]/secu:group = current()" {
          error-message "entered group must be level-1, level-2..., or level-6";
        }
        mandatory true;
      }
      // A newly created user is enabled unless adminState is set explicitly.
      leaf adminState {
        type usersecu-type:adminState-type;
        default "allow";
      }
    } // list user
  } // container users

  // The schema only requires that all three inputs are present; it contains
  // no constraint that newPassword equals newPasswordConfirm or differs from
  // currentPassword, so those checks, if any, are left to the implementation.
  // NOTE(review): the inputs presumably carry passwords in clear text -
  // confirm that RPC tracing, audit and accounting records do not capture
  // the input parameters.
  rpc change-password {
    description "RPC to change the logged in user's password";
    input {
      leaf currentPassword {
        type usersecu-type:password-type;
        mandatory true;
        description "provide the current password";
      }
      leaf newPassword {
        type usersecu-type:password-type;
        mandatory true;
        description "provide a new password";
      }
      leaf newPasswordConfirm {
        type usersecu-type:password-type;
        mandatory true;
        description "re-enter the new password ";
      }
    }
    output {
      leaf status {
        type enumeration {
          enum "Successful" {
            value 1;
          }
          enum "Failed" {
            value 2;
          }
        }
        mandatory true;
        description "Successful or Failed";
      }
      // Free-form text returned to the caller.
      // NOTE(review): confirm the failure text does not reveal which check
      // failed in more detail than the caller needs.
      leaf status-message {
        type string;
        description "Gives a more detailed reason for success / failure";
      }
    }
  } // rpc change-password
} // module fujitsu-user-security