module openconfig-aaa-types { yang-version 1; namespace "http://openconfig.net/yang/aaa/types"; prefix oc-aaa-types; import openconfig-extensions { prefix oc-ext; } organization "OpenConfig working group"; contact "OpenConfig working group www.openconfig.net"; description "This module defines shared types for data related to AAA (authentication, authorization, accounting)."; revision 2018-11-21 { description "Add OpenConfig module metadata extensions."; reference "0.4.1"; } revision 2018-04-12 { description "Add when conditions, correct identities"; reference "0.4.0"; } revision 2017-09-18 { description "Updated to use OpenConfig types modules"; reference "0.3.0"; } revision 2017-07-06 { description "Move to oc-inet types, add IETF attribution, add RADIUS counters, changed password leaf names to indicate hashed"; reference "0.2.0"; } revision 2017-01-29 { description "Initial public release"; reference "0.1.0"; } oc-ext:openconfig-version "0.4.1"; oc-ext:regexp-posix; oc-ext:catalog-organization "openconfig"; oc-ext:origin "openconfig"; identity AAA_SERVER_TYPE { description "Base identity for types of AAA servers"; } identity SYSTEM_DEFINED_ROLES { description "Base identity for system_defined roles that can be assigned to users."; } identity SYSTEM_ROLE_ADMIN { base SYSTEM_DEFINED_ROLES; description "Built-in role that allows the equivalent of superuser permission for all configuration and operational commands on the device."; } identity AAA_ACCOUNTING_EVENT_TYPE { description "Base identity for specifying events types that should be sent to AAA server for accounting"; } identity AAA_ACCOUNTING_EVENT_COMMAND { base AAA_ACCOUNTING_EVENT_TYPE; description "Specifies interactive command events for AAA accounting"; } identity AAA_ACCOUNTING_EVENT_LOGIN { base AAA_ACCOUNTING_EVENT_TYPE; description "Specifies login events for AAA accounting"; } identity AAA_AUTHORIZATION_EVENT_TYPE { description "Base identity for specifying activities that should be sent to AAA server for authorization"; } identity AAA_AUTHORIZATION_EVENT_COMMAND { base AAA_AUTHORIZATION_EVENT_TYPE; description "Specifies interactive command events for AAA authorization"; } identity AAA_AUTHORIZATION_EVENT_CONFIG { base AAA_AUTHORIZATION_EVENT_TYPE; description "Specifies configuration (e.g., EXEC) events for AAA authorization"; } identity AAA_METHOD_TYPE { description "Base identity to define well-known methods for AAA operations"; } identity TACACS_ALL { base AAA_METHOD_TYPE; description "The group of all TACACS+ servers."; } identity RADIUS_ALL { base AAA_METHOD_TYPE; description "The group of all RADIUS servers."; } identity LOCAL { base AAA_METHOD_TYPE; description "Locally configured method for AAA operations."; } typedef crypt-password-type { type string; description "A password that is hashed based on the hash algorithm indicated by the prefix in the string. The string takes the following form, based on the Unix crypt function: $[$=(,=)*][$[$]] Common hash functions include: id | hash function ---+--------------- 1 | MD5 2a| Blowfish 2y| Blowfish (correct handling of 8-bit chars) 5 | SHA-256 6 | SHA-512 These may not all be supported by a target device."; } }