idnits 2.17.1

draft-ietf-netmod-system-mgmt-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust
  (see https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 188 has weird spacing: '...address ine...'

  == Line 525 has weird spacing: '...atabase http:...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (December 26, 2012) is 4132 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Experimental draft:
     draft-lange-netmod-iana-timezones (ref. 'I-D.lange-netmod-iana-timezones')

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE-1003.1-2008'

  ** Downref: Normative reference to an Informational RFC: RFC 1321

  ** Obsolete normative reference: RFC 6021 (Obsoleted by RFC 6991)

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

     Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                          A. Bierman
Internet-Draft                                                  YumaWorks
Intended status: Standards Track                             M. Bjorklund
Expires: June 29, 2013                                     Tail-f Systems
                                                        December 26, 2012

                 YANG Data Model for System Management
                   draft-ietf-netmod-system-mgmt-04

Abstract

   This document defines a YANG data model for the configuration and
   identification of the management system of a device.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 29, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
       1.1.1.  Terms
   2.  Objectives
     2.1.  System Identification
     2.2.  System Time Management
     2.3.  User Authentication
   3.  System Data Model
     3.1.  System Identification
     3.2.  System Time Management
     3.3.  DNS Resolver Model
     3.4.  RADIUS Client Model
     3.5.  User Authentication Model
       3.5.1.  SSH Public Key Authentication
       3.5.2.  Local User Password Authentication
       3.5.3.  RADIUS Password Authentication
     3.6.  System Control
   4.  System YANG module
   5.  IANA Considerations
   6.  Security Considerations
   7.  Change Log
     7.1.  00-01
     7.2.  01-02
     7.3.  02-03
     7.4.  03-04
   8.  Normative References
   Authors' Addresses

1.  Introduction

   This document defines a YANG [RFC6020] data model for the
   configuration and identification of the management system of a
   device.

   Devices that are managed by NETCONF and perhaps other mechanisms have
   common properties that need to be configured and monitored in a
   standard way.

   The "ietf-system" YANG module defined in this document provides the
   following features:

   o  system administrative data configuration

   o  system identification monitoring

   o  system time-of-day configuration and monitoring

   o  user authentication configuration

   o  local users configuration

1.1.  Terminology

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14, [RFC2119].

1.1.1.  Terms

   The following terms are used within this document:

   o  system: This term refers to the embodiment of the entire set of
      management interfaces that a single NETCONF server is supporting
      at a given moment.  The set of physical entities managed by a
      single NETCONF server can be static or it can change dynamically.

2.  Objectives

2.1.  System Identification

   There are many common properties used to identify devices, operating
   systems, software versions, etc. that need to be supported in the
   system data module.  These objects are defined as operational data
   and intended to be specific to the device vendor.

   Some user-configurable administrative strings are also provided, such
   as the system location and description.

2.2.  System Time Management

   The management of the date and time used by the system needs to be
   supported.  Use of one or more NTP servers to automatically set the
   system date and time needs to be possible.  Utilization of the
   Timezone database [RFC6557] also needs to be supported.

2.3.  User Authentication

   The authentication mechanism needs to support password authentication
   over RADIUS, to support deployment scenarios with centralized
   authentication servers.  Additionally, local users need to be
   supported, for scenarios when no centralized authentication server
   exists, or for situations where the centralized authentication server
   cannot be reached from the device.

   Since the mandatory transport protocol for NETCONF is SSH [RFC6242],
   the authentication model needs to support SSH's "publickey" and
   "password" authentication methods [RFC4252].

   The model for authentication configuration should be flexible enough
   to support authentication methods defined by other standard documents
   or by vendors.

3.  System Data Model

3.1.  System Identification

   The data model for system identification has the following structure:

   +--rw system
      +--rw contact?     string
      +--rw name?        string
      +--rw location?    string
      +--ro platform
         +--ro os-name?     string
         +--ro os-release?  string
         +--ro os-version?  string
         +--ro machine?     string
         +--ro nodename?    string

3.2.  System Time Management

   The data model for system time management has the following
   structure:

   +--rw system
      +--rw clock
      |  +--ro current-datetime?     yang:date-and-time
      |  +--ro boot-datetime?        yang:date-and-time
      |  +--rw (timezone)?
      |     +--:(timezone-location)
      |     |  +--rw timezone-location?     string
      |     +--:(timezone-utc-offset)
      |        +--rw timezone-utc-offset?   int16
      +--rw ntp
         +--rw use-ntp?      boolean
         +--rw ntp-server [address]
            +--rw association-type?   enumeration
            +--rw address             inet:host
            +--rw enabled?            boolean
            +--rw iburst?             boolean
            +--rw prefer?             boolean

3.3.  DNS Resolver Model

   The data model for configuration of the DNS resolver has the
   following structure:

   +--rw system
      +--rw dns
         +--rw search*    inet:host
         +--rw server*    inet:ip-address
         +--rw options
            +--rw timeout?    uint8
            +--rw attempts?   uint8

3.4.  RADIUS Client Model

   The data model for configuration of the RADIUS client has the
   following structure:

   +--rw system
      +--rw radius
         +--rw server [address]
         |  +--rw address                inet:host
         |  +--rw authentication-port?   inet:port-number
         |  +--rw shared-secret?         string
         +--rw options
            +--rw timeout?    uint8
            +--rw attempts?   uint8

3.5.  User Authentication Model

   This document defines three authentication methods for use with
   NETCONF:

   o  publickey for local users over SSH

   o  password for local users over any transport

   o  password for RADIUS users over any transport

   Additional methods can be defined by other standard documents or by
   vendors.

   This document defines two optional YANG features, "local-users" and
   "radius-authentication", which the server advertises to indicate
   support for configuring local users on the device, and support for
   using RADIUS for authentication, respectively.

   The authentication parameters defined in this document are primarily
   used to configure authentication of NETCONF users, but MAY also be
   used by other interfaces, e.g., a Command Line Interface or a
   Web-based User Interface.

   The data model for user authentication has the following structure:

   +--rw system
      +--rw authentication
         +--rw user-authentication-order*   identityref
         +--rw user [name]
            +--rw name        string
            +--rw password?   crypt-hash
            +--rw ssh-key [name]
               +--rw name        string
               +--rw algorithm?  string
               +--rw key-data?   binary

3.5.1.  SSH Public Key Authentication

   If the NETCONF server advertises the "local-users" feature,
   configuration of local users and their SSH public keys is supported
   in the /system/authentication/user list.

   Public key authentication is requested by the SSH client.  If the
   "local-users" feature is supported, then when a NETCONF client starts
   an SSH session towards the server using the "publickey"
   authentication "method name" [RFC4252], the SSH server looks up the
   user name given in the SSH authentication request in the
   /system/authentication/user list, and verifies the key as described
   in [RFC4253].

3.5.2.  Local User Password Authentication

   If the NETCONF server advertises the "local-users" feature,
   configuration of local users and their passwords is supported in the
   /system/authentication/user list.

   For NETCONF transport protocols that support password authentication,
   the leaf-list "user-authentication-order" is used to control if local
   user password authentication should be used.

   In SSH, password authentication is requested by the client.  Other
   NETCONF transport protocols MAY also support password authentication.

   When local user password authentication is requested, the NETCONF
   transport looks up the user name provided by the client in the
   /system/authentication/user list, and verifies the password.

3.5.3.  RADIUS Password Authentication

   If the NETCONF server advertises the "radius-authentication" feature,
   the device supports user authentication using RADIUS.

   For NETCONF transport protocols that support password authentication,
   the leaf-list "user-authentication-order" is used to control if
   RADIUS password authentication should be used.

   In SSH, password authentication is requested by the client.  Other
   NETCONF transport protocols MAY also support password authentication.
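   The password lifecycle described for the "crypt-hash" typedef in
   Section 4 (clear text under a '$0$' prefix is hashed with a fresh salt
   and only the '$<id>$<salt>$<hash>' form is stored; verification re-runs
   the hash with the stored salt) and the ordered fallback through
   "user-authentication-order" described in Sections 3.5.2 and 3.5.3, as
   an added Python example.  This code is not part of this draft and is not
   any ietf-system implementation's code.  It assumes a single salted
   hashlib digest as a stand-in for crypt(3) so that it runs anywhere (a
   real server must call crypt(3) with the same id and salt so that stored
   values interoperate with other systems); the 'radius_check' callback,
   the user names and the passwords are constructed for the example.

```python
import hashlib
import re
import secrets
import string

# Pattern copied from the crypt-hash typedef; in YANG (XSD) regex syntax
# '$' is a literal character, so it is escaped for Python's re module.
CRYPT_HASH_PATTERN = re.compile(r"\$0\$.*|\$(1|5|6)\$[a-zA-Z0-9./]{2,16}\$.*")

# id -> (hashlib name, YANG feature), from the typedef's table.
HASH_IDS = {
    "1": ("md5", "crypt-hash-md5"),
    "5": ("sha256", "crypt-hash-sha-256"),
    "6": ("sha512", "crypt-hash-sha-512"),
}
ALL_FEATURES = frozenset(feature for _, feature in HASH_IDS.values())
SALT_ALPHABET = string.ascii_letters + string.digits + "./"


def _digest(hash_id, salt, password):
    # Assumption: one salted hashlib pass stands in for crypt(3) so the example
    # is self-contained; a real server calls crypt(3) with the same id and salt.
    algo, _ = HASH_IDS[hash_id]
    return hashlib.new(algo, (salt + password).encode()).hexdigest()


def store_crypt_hash(value, hash_id="6", advertised=ALL_FEATURES, salt=None):
    """Return the string a server stores when 'value' is written to a
    crypt-hash leaf.  Clear text ($0$...) is hashed with a fresh salt and
    only '$<id>$<salt>$<hash>' is kept, so the clear text never reaches the
    datastore; an already hashed value is stored as is.  Values outside the
    pattern, or using a hash id the server does not advertise, are rejected."""
    if not CRYPT_HASH_PATTERN.fullmatch(value):
        raise ValueError("value does not match the crypt-hash pattern")
    if value.startswith("$0$"):
        if HASH_IDS[hash_id][1] not in advertised:
            raise ValueError(f"hash function id {hash_id} is not advertised")
        if salt is None:  # a fixed salt is only for reproducible tests
            salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(16))
        return f"${hash_id}${salt}${_digest(hash_id, salt, value[3:])}"
    received_id = value.split("$")[1]
    if HASH_IDS[received_id][1] not in advertised:
        raise ValueError(f"hash function id {received_id} is not advertised")
    return value  # already a hash: keep exactly what the client sent


def verify_password(stored, candidate):
    """Extract the salt from the stored hash, re-hash the candidate with it,
    and compare in constant time, as the typedef description specifies."""
    if stored.startswith("$0$"):
        raise ValueError("stored value must be a hash, not clear text")
    _, hash_id, salt, digest = stored.split("$", 3)
    return secrets.compare_digest(_digest(hash_id, salt, candidate), digest)


def validate_auth_order(order, radius_servers):
    """The 'must' statement on user-authentication-order: 'sys:radius' may
    only be listed when at least one /system/radius/server entry exists."""
    if "sys:radius" in order and not radius_servers:
        raise ValueError("When 'radius' is used, a radius server must be configured.")
    return True


def authenticate(username, password, order, local_users, radius_check):
    """Try the methods in user-authentication-order; the first one that
    succeeds wins, and the user is denied (None) when none succeeds."""
    for method in order:
        if method == "sys:local-users":
            stored = local_users.get(username)
            if stored is not None and verify_password(stored, password):
                return method
        elif method == "sys:radius":
            if radius_check(username, password):
                return method
        # Identities from other documents or vendors are not handled here.
    return None


if __name__ == "__main__":
    # Constructed sample: one local user, RADIUS configured but unreachable.
    users = {"alice": store_crypt_hash("$0$correct horse")}
    order = ["sys:radius", "sys:local-users"]
    validate_auth_order(order, radius_servers=["radius.example.net"])
    unreachable = lambda user, pw: False
    print(users["alice"][:4], authenticate("alice", "correct horse", order, users, unreachable))
```

   Reading the leaf back returns the stored '$<id>$<salt>$<hash>' string,
   which is why a client that copies configuration between devices can
   write that form directly and have it stored unchanged.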
3.6.  System Control

   Two protocol operations are included to restart or shut down the
   system.  The 'system-restart' operation can be used to restart the
   entire system (not just the NETCONF server).  The 'system-shutdown'
   operation can be used to power off the entire system.

4.  System YANG module

   This YANG module imports YANG extensions from [RFC6536], and imports
   YANG types from [RFC6021] and [I-D.lange-netmod-iana-timezones].  It
   also references [RFC1321], [RFC2865], [RFC3418], [RFC5607],
   [IEEE-1003.1-2008], and [FIPS.180-3.2008].

   RFC Ed.: update the date below with the date of RFC publication and
   remove this note.

   <CODE BEGINS> file "ietf-system@2012-12-26.yang"

   module ietf-system {
     namespace "urn:ietf:params:xml:ns:yang:ietf-system";
     prefix "sys";

     import ietf-yang-types {
       prefix yang;
     }

     import ietf-inet-types {
       prefix inet;
     }

     import ietf-netconf-acm {
       prefix nacm;
     }

     import iana-timezones {
       prefix ianatz;
     }

     organization
       "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

     contact
       "WG Web:
        WG List:

        WG Chair: David Kessens

        WG Chair: Juergen Schoenwaelder

        Editor:   Andy Bierman

        Editor:   Martin Bjorklund
        ";

     description
       "This module contains a collection of YANG definitions for the
        configuration and identification of the management system of a
        device.

        Copyright (c) 2012 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see
        the RFC itself for full legal notices.";

     // RFC Ed.: replace XXXX with actual RFC number and remove this
     // note.

     // RFC Ed.: remove this note
     // Note: extracted from draft-ietf-netmod-system-mgmt-04.txt

     // RFC Ed.: update the date below with the date of RFC publication
     // and remove this note.
     revision "2012-12-26" {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A YANG Data Model for System Management";
     }

     /*
      * Typedefs
      */

     typedef crypt-hash {
       type string {
         pattern "$0$.*|$(1|5|6)$[a-zA-Z0-9./]{2,16}$.*";
       }
       description
         "The crypt-hash type is used to store passwords using
          a hash function.  This type is implemented in various UNIX
          systems as the function crypt(3).

          When a clear text value is set to a leaf of this type, the
          server calculates a password hash, and stores the result
          in the datastore.  Thus, the password is never stored in
          clear text.

          When a leaf of this type is read, the stored password hash is
          returned.

          A value of this type matches one of the forms:

            $0$<clear text password>
            $<id>$<salt>$<password hash>

          The '$0$' prefix signals that the value is clear text.  When
          such a value is received by the server, a hash value is
          calculated, and the string '$<id>$<salt>$' is prepended to the
          result, where <salt> is a random 2-16 characters long salt
          used to generate the digest.  This value is stored in the
          configuration data store.

          If a value starting with '$<id>$<salt>$' is received, the
          server knows that the value already represents a hashed value,
          and stores it as is in the data store.

          When a server needs to verify a password given by a user, it
          finds the stored password hash string for that user, extracts
          the salt, and calculates the hash with the salt and given
          password as input.  If the calculated hash value is the same
          as the stored value, the password given by the client is
          correct.

          This type defines the following hash functions:

            id | hash function | feature
            ---+---------------+-------------------
             1 | MD5           | crypt-hash-md5
             5 | SHA-256       | crypt-hash-sha-256
             6 | SHA-512       | crypt-hash-sha-512

          The server indicates support for the different hash functions
          by advertising the corresponding feature.";
       reference
         "IEEE Std 1003.1-2008 - crypt() function
          Wikipedia: http://en.wikipedia.org/wiki/Crypt_(Unix)
          RFC 1321: The MD5 Message-Digest Algorithm
          FIPS.180-3.2008: Secure Hash Standard";
     }

     /*
      * Features
      */

     feature radius {
       description
         "Indicates that the device can be configured as a RADIUS
          client.";
       reference
         "RFC 2865: Remote Authentication Dial In User Service "
         + "(RADIUS)";
     }

     feature authentication {
       description
         "Indicates that the device can be configured
          to do authentication of users.";
     }

     feature local-users {
       if-feature authentication;
       description
         "Indicates that the device supports
          local user authentication.";
     }

     feature radius-authentication {
       if-feature radius;
       if-feature authentication;
       description
         "Indicates that the device supports user authentication over
          RADIUS.";
       reference
         "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
          RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
                    Authorization for Network Access Server (NAS)
                    Management";
     }

     feature crypt-hash-md5 {
       description
         "Indicates that the device supports the MD5
          hash function in 'crypt-hash' values";
       reference "RFC 1321: The MD5 Message-Digest Algorithm";
     }

     feature crypt-hash-sha-256 {
       description
         "Indicates that the device supports the SHA-256
          hash function in 'crypt-hash' values";
       reference "FIPS.180-3.2008: Secure Hash Standard";
     }

     feature crypt-hash-sha-512 {
       description
         "Indicates that the device supports the SHA-512
          hash function in 'crypt-hash' values";
       reference "FIPS.180-3.2008: Secure Hash Standard";
     }

     feature ntp {
       description
         "Indicates that the device can be configured
          to use one or more NTP servers to set the
          system date and time.";
     }

     feature timezone-location {
       description
         "Indicates that the local timezone on the device
          can be configured to use the TZ database
          to set the timezone and manage daylight savings time.";
       reference
         "TZ Database  http://www.twinsun.com/tz/tz-link.htm
          Maintaining the Timezone Database
            RFC 6557 (BCP 175)";
     }

     /*
      * Identities
      */

     identity authentication-method {
       description
         "Base identity for user authentication methods.";
     }

     identity radius {
       base authentication-method;
       description
         "Indicates user authentication using RADIUS.";
       reference
         "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
          RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
                    Authorization for Network Access Server (NAS)
                    Management";
     }

     identity local-users {
       base authentication-method;
       description
         "Indicates password-based authentication of locally
          configured users.";
     }

     identity radius-authentication-type {
       description
         "Base identity for RADIUS authentication types.";
     }

     identity radius-pap {
       base radius-authentication-type;
       description
         "The device requests PAP authentication from the RADIUS
          server.";
       reference
         "RFC 2865: Remote Authentication Dial In User Service";
     }

     identity radius-chap {
       base radius-authentication-type;
       description
         "The device requests CHAP authentication from the RADIUS
          server.";
       reference
         "RFC 2865: Remote Authentication Dial In User Service";
     }

     /*
      * Top-level container
      */

     container system {
       description
         "System group configuration.";

       leaf contact {
         type string {
           length "0..255";
         }
         description
           "The administrator contact information for the system.";
         reference
           "RFC 3418 - Management Information Base (MIB) for the
                       Simple Network Management Protocol (SNMP)
                       SNMPv2-MIB.sysContact";
       }

       leaf name {
         type string {
           length "0..255";
         }
         description
           "The administratively assigned system name.";
         reference
           "RFC 3418 - Management Information Base (MIB) for the
                       Simple Network Management Protocol (SNMP)
                       SNMPv2-MIB.sysName";
       }

       leaf location {
         type string {
           length "0..255";
         }
         description
           "The system location";
         reference
           "RFC 3418 - Management Information Base (MIB) for the
                       Simple Network Management Protocol (SNMP)
                       SNMPv2-MIB.sysLocation";
       }

       container platform {
         config false;
         description
           "Contains vendor-specific information for
            identifying the system platform and operating system.";
         reference
           "IEEE Std 1003.1-2008 - sys/utsname.h";

         leaf os-name {
           type string;
           description
             "The name of the operating system in use,
              for example 'Linux'";
           reference
             "IEEE Std 1003.1-2008 - utsname.sysname";
         }

         leaf os-release {
           type string;
           description
             "The current release level of the operating
              system in use.  This string MAY indicate
              the OS source code revision.";
           reference
             "IEEE Std 1003.1-2008 - utsname.release";
         }

         leaf os-version {
           type string;
           description
             "The current version level of the operating
              system in use.  This string MAY indicate
              the specific OS build date and target variant
              information.";
           reference
             "IEEE Std 1003.1-2008 - utsname.version";
         }

         leaf machine {
           type string;
           description
             "A vendor-specific identifier string representing
              the hardware in use.";
           reference
             "IEEE Std 1003.1-2008 - utsname.machine";
         }

         leaf nodename {
           type string;
           description
             "The host name of this system.";
           reference
             "IEEE Std 1003.1-2008 - utsname.nodename";
         }
       }

       container clock {
         description
           "Configuration and monitoring of the system
            date and time properties.";

         leaf current-datetime {
           type yang:date-and-time;
           config false;
           description
             "The current system date and time.";
         }
         leaf boot-datetime {
           type yang:date-and-time;
           config false;
           description
             "The system date and time when the NETCONF
              server last restarted.";
         }

         choice timezone {
           description
             "The system timezone information.";

           leaf timezone-location {
             if-feature timezone-location;
             type ianatz:iana-timezone;
             description
               "The TZ database location identifier string
                to use for the system, such as 'Europe/Stockholm'.";
           }

           leaf timezone-utc-offset {
             type int16 {
               range "-1500 .. 1500";
             }
             units "minutes";
             description
               "The number of minutes to add to UTC time to
                identify the timezone for this system.
                For example, 'UTC - 8:00 hours' would be
                represented as '-480'.  Note that automatic
                daylight savings time adjustment is not provided,
                if this object is used.";
           }
         }
       }

       container ntp {
         if-feature ntp;

         description
           "Configuration of the NTP client.";

         leaf use-ntp {
           type boolean;
           default true;
           description
             "Indicates that the system should attempt
              to synchronize the system clock with an
              NTP server from the 'ntp-server' list.";
         }

         list ntp-server {
           key address;
           description
             "List of NTP servers to use for
              system clock synchronization.  If 'use-ntp'
              is 'true', then the system will attempt to
              contact and utilize the specified NTP servers.";

           leaf association-type {
             type enumeration {
               enum server {
                 description
                   "Use server association mode.  This device
                    is not expected to synchronize with the
                    configured NTP server.";
               }
               enum peer {
                 description
                   "Use peer association mode.  This device
                    may be expected to synchronize with the
                    configured NTP server.";
               }
               enum pool {
                 description
                   "Use pool association mode.  This device
                    is not expected to synchronize with the
                    configured NTP server.";
               }
             }
             default server;
             description
               "The desired association type for this NTP server.";
           }
           leaf address {
             type inet:host;
             description
               "The IP address or domain name of the NTP server.";
           }
           leaf enabled {
             type boolean;
             default true;
             description
               "Indicates whether this server is enabled for use or
                not.";
           }
           leaf iburst {
             type boolean;
             default false;
             description
               "Indicates whether this server should enable burst
                synchronization or not.";
           }
           leaf prefer {
             type boolean;
             default false;
             description
               "Indicates whether this server should be preferred
                or not.";
           }
         }
       }

       container dns {
         description
           "Configuration of the DNS resolver.";

         leaf-list search {
           type inet:host;
           ordered-by user;
           description
             "An ordered list of domains to search when resolving
              a host name.";
         }
         leaf-list server {
           type inet:ip-address;
           ordered-by user;
           description
             "Addresses of the name servers that the resolver should
              query.

              Implementations MAY limit the number of entries in this
              leaf list.";
         }
         container options {
           description
             "Resolver options.  The set of available options has been
              limited to those that are generally available across
              different resolver implementations, and generally
              useful.";
           leaf timeout {
             type uint8 {
               range "1..max";
             }
             units "seconds";
             default "5";
             description
               "The amount of time the resolver will wait for a
                response from a remote name server before
                retrying the query via a different name server.";
           }
           leaf attempts {
             type uint8 {
               range "1..max";
             }
             default "2";
             description
               "The number of times the resolver will send a query to
                its name servers before giving up and returning an
                error to the calling application.";
           }
         }
       }

       container radius {
         if-feature radius;

         description
           "Configuration of the RADIUS client.";

         list server {
           key address;
           ordered-by user;
           description
             "List of RADIUS servers used by the device.";

           leaf address {
             type inet:host;
             description
               "The address of the RADIUS server.";
           }
           leaf authentication-port {
             type inet:port-number;
             default "1812";
             description
               "The port number of the RADIUS server.";
           }
           leaf shared-secret {
             type string;
             nacm:default-deny-all;
             description
               "The shared secret which is known to both the RADIUS
                client and server.";
             reference
               "RFC 2865: Remote Authentication Dial In User Service";
           }
           leaf authentication-type {
             type identityref {
               base radius-authentication-type;
             }
             default radius-pap;
             description
               "The authentication type requested from the RADIUS
                server.";
           }
         }
         container options {
           description
             "RADIUS client options.";

           leaf timeout {
             type uint8 {
               range "1..max";
             }
             units "seconds";
             default "5";
             description
               "The number of seconds the device will wait for a
                response from a RADIUS server before trying with a
                different server.";
           }
           leaf attempts {
             type uint8 {
               range "1..max";
             }
             default "2";
             description
               "The number of times the device will send a query to
                the RADIUS servers before giving up.";
           }
         }
       }

       container authentication {
         nacm:default-deny-write;
         if-feature authentication;

         description
           "The authentication configuration subtree.";

         leaf-list user-authentication-order {
           type identityref {
             base authentication-method;
           }
           must '(. = "sys:radius" and ../../radius/server) or'
              + '(. != "sys:radius")' {
             error-message
               "When 'radius' is used, a radius server"
               + " must be configured.";
           }
           ordered-by user;

           description
             "When the device authenticates a user with
              a password, it tries the authentication methods in this
              leaf-list in order.  If authentication with one method
              fails, the next method is used.  If no method succeeds,
              the user is denied access.

              If the 'radius-authentication' feature is advertised by
              the NETCONF server, the 'radius' identity can be added to
              this list.

              If the 'local-users' feature is advertised by the
              NETCONF server, the 'local-users' identity can be
              added to this list.";
         }

         list user {
           if-feature local-users;
           key name;
           description
             "The list of local users configured on this device.";

           leaf name {
             type string;
             description
               "The user name string identifying this entry.";
           }
           leaf password {
             type crypt-hash;
             description
               "The password for this entry.";
           }
           list ssh-key {
             key name;
             description
               "A list of public SSH keys for this user.";

             reference
               "RFC 4253: The Secure Shell (SSH) Transport Layer
                          Protocol";

             leaf name {
               type string;
               description
                 "An arbitrary name for the ssh key.";
             }
             leaf algorithm {
               type string;
               description
                 "The public key algorithm name for this ssh key.

                  Valid values are the values in the IANA Secure Shell
                  (SSH) Protocol Parameters registry, Public Key
                  Algorithm Names";
               reference
                 "IANA Secure Shell (SSH) Protocol Parameters registry,
                  Public Key Algorithm Names";
             }
             leaf key-data {
               type binary;
               description
                 "The binary key data for this ssh key.";
             }
           }
         }
       }
     }

     rpc set-current-datetime {
       nacm:default-deny-all;
       description
         "Set the /system/clock/current-datetime leaf
          to the specified value.

          If the system is using NTP (e.g., /system/ntp/use-ntp
          is set to 'true'), then this operation will
          fail with error-tag 'operation-failed',
          and error-app-tag value of 'ntp-active'";
       input {
         leaf current-datetime {
           type yang:date-and-time;
           mandatory true;
           description
             "The current system date and time.";
         }
       }
     }

     rpc system-restart {
       nacm:default-deny-all;
       description
         "Request that the entire system be restarted immediately.
          A server SHOULD send an rpc reply to the client before
          restarting the system.";
     }

     rpc system-shutdown {
       nacm:default-deny-all;
       description
         "Request that the entire system be shut down immediately.
          A server SHOULD send an rpc reply to the client before
          shutting down the system.";
     }

   }

   <CODE ENDS>

5.  IANA Considerations

   This document registers one URI in the IETF XML registry [RFC3688].
   Following the format in RFC 3688, the following registration is
   requested to be made.

        URI: urn:ietf:params:xml:ns:yang:ietf-system
        Registrant Contact: The NETMOD WG of the IETF.
        XML: N/A, the requested URI is an XML namespace.

   This document registers one YANG module in the YANG Module Names
   registry [RFC6020].

     name:         ietf-system
     namespace:    urn:ietf:params:xml:ns:yang:ietf-system
     prefix:       sys
     reference:    RFC XXXX
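   The "nacm:default-deny-all" and "nacm:default-deny-write" extension
   statements in the module above decide what a NETCONF user matched by no
   explicit access-control rule may do with the sensitive nodes and
   operations that the Security Considerations enumerate.  The following is
   an added Python example, not part of this draft and not the code of any
   NACM implementation: it evaluates those per-node defaults for the
   annotated paths, taking the global defaults from [RFC6536] (read
   permitted, write denied, exec permitted) as parameters, and strips from
   a get-config reply the nodes a rule-less user may not read.  The
   configuration instance, its server address, secret and password hash
   are constructed for the example.

```python
# Paths carrying an ietf-netconf-acm extension in the ietf-system module
# (copied from the module text; RPCs are represented as top-level paths).
ANNOTATIONS = {
    "/system/radius/server/shared-secret": "default-deny-all",
    "/system/authentication": "default-deny-write",
    "/set-current-datetime": "default-deny-all",
    "/system-restart": "default-deny-all",
    "/system-shutdown": "default-deny-all",
}

WRITE_OPS = frozenset({"create", "update", "delete"})


def nearest_annotation(path):
    """Walk from the node up to the root: an extension on an ancestor
    (e.g. the 'authentication' container) covers every descendant."""
    parts = path.rstrip("/").split("/")
    for depth in range(len(parts), 1, -1):
        candidate = "/".join(parts[:depth])
        if candidate in ANNOTATIONS:
            return ANNOTATIONS[candidate]
    return None


def default_decision(path, op, read_default="permit",
                     write_default="deny", exec_default="permit"):
    """Decision for a user matched by no explicit NACM rule.
    default-deny-all denies every operation regardless of the global
    defaults; default-deny-write denies writes even when the operator has
    set write-default to permit; everything else follows the globals."""
    annotation = nearest_annotation(path)
    if annotation == "default-deny-all":
        return "deny"
    if op in WRITE_OPS:
        return "deny" if annotation == "default-deny-write" else write_default
    if op == "exec":
        return exec_default
    return read_default


def _flatten(tree, prefix=""):
    """Yield (schema path, value) pairs; list entries keep their parent's
    schema path so annotations on list descendants still apply."""
    for key, value in tree.items():
        path = f"{prefix}/{key}"
        if isinstance(value, dict):
            yield from _flatten(value, path)
        elif isinstance(value, list):
            for entry in value:
                if isinstance(entry, dict):
                    yield from _flatten(entry, path)
                else:
                    yield path, entry
        else:
            yield path, value


def readable_view(config, **defaults):
    """The subset of a get-config reply a rule-less user receives: nodes
    whose default read decision is 'deny' are removed."""
    return [(path, value) for path, value in _flatten(config)
            if default_decision(path, "read", **defaults) == "permit"]


# Constructed sample instance of /system; the address, secret and hash are fake.
SAMPLE_CONFIG = {
    "system": {
        "radius": {
            "server": [{"address": "radius.example.net",
                        "authentication-port": 1812,
                        "shared-secret": "CONSTRUCTED-SECRET"}],
        },
        "authentication": {
            "user-authentication-order": ["sys:radius", "sys:local-users"],
            "user": [{"name": "alice",
                      "password": "$6$constructedsalt$CONSTRUCTED-HASH"}],
        },
    }
}

if __name__ == "__main__":
    for path, value in readable_view(SAMPLE_CONFIG):
        print(path, value)
    print("system-restart exec:", default_decision("/system-restart", "exec"))
```

   Note that the local user's password hash is still readable under the
   module's annotations (only writes to the authentication subtree are
   denied by default); an operator who considers the hashes sensitive in
   their environment adds an explicit NACM rule for that leaf.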
Security Considerations 1073 The YANG module defined in this memo is designed to be accessed via 1074 the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the 1075 secure transport layer and the mandatory-to-implement secure 1076 transport is SSH [RFC6242]. 1078 There are a number of data nodes defined in this YANG module which 1079 are writable/creatable/deletable (i.e., config true, which is the 1080 default). These data nodes may be considered sensitive or vulnerable 1081 in some network environments. Write operations (e.g., edit-config) 1082 to these data nodes without proper protection can have a negative 1083 effect on network operations. These are the subtrees and data nodes 1084 and their sensitivity/vulnerability: 1086 o /system/clock/timezone: This choice contains the objects used to 1087 control the timezone used by the device. 1089 o /system/ntp: This container contains the objects used to control 1090 the Network Time Protocol servers used by the device. 1092 o /system/dns: This container contains the objects used to control 1093 the Domain Name System servers used by the device. 1095 o /system/radius: This container contains the objects used to 1096 control the Remote Authentication Dial-In User Service servers 1097 used by the device. 1099 o /system/authentication/user-authentication-order: This leaf 1100 controls how user login attempts are authenticated by the device. 1102 o /system/authentication/user: This list contains the local users 1103 enabled on the system. 1105 Some of the readable data nodes in this YANG module may be considered 1106 sensitive or vulnerable in some network environments. It is thus 1107 important to control read access (e.g., via get, get-config, or 1108 notification) to these data nodes. 
   These are the subtrees and data nodes and their
   sensitivity/vulnerability:

   o  /system/platform: This container has objects which may help
      identify the specific NETCONF server and/or operating system
      implementation used on the device.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability:

   o  set-current-datetime: Changes the current date and time on the
      device.

   o  system-restart: Reboots the device.

   o  system-shutdown: Shuts down the device.

7.  Change Log

   -- RFC Ed.: remove this section before publication.

7.1.  00-01

   o  added configuration-source identities

   o  added configuration-source leaf to ntp and dns (via grouping) to
      choose configuration source

   o  added association-type, iburst, prefer, and true leafs to the
      ntp-server list

   o  extended the ssh keys for a user to a list of keys; support all
      defined key algorithms, not just dsa and rsa

   o  clarified timezone-utc-offset description-stmt

   o  removed '/system/ntp/server/true' leaf from data model

7.2.  01-02

   o  added default-stmts to ntp-server/iburst and ntp-server/prefer
      leafs

   o  changed timezone-location leaf to use iana-timezone typedef
      instead of a string

7.3.  02-03

   o  removed configuration-source identities and leafs

7.4.  03-04

   o  removed ndots dns resolver option

   o  added radius-authentication-type identity, and identities for pap
      and chap, and a leaf to control which authentication type to use
      when communicating with the radius server

   o  made 0 an invalid value for timeouts and attempts

8.  Normative References

   [FIPS.180-3.2008]
              National Institute of Standards and Technology, "Secure
              Hash Standard", FIPS PUB 180-3, October 2008.
   [I-D.lange-netmod-iana-timezones]
              Lange, J., "IANA Timezone Database YANG Module",
              draft-lange-netmod-iana-timezones-01 (work in progress),
              June 2012.

   [IEEE-1003.1-2008]
              Institute of Electrical and Electronics Engineers,
              "POSIX.1-2008", IEEE Standard 1003.1, March 2008.

   [RFC1321]  Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
              April 1992.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

   [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
              Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3418, December 2002.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              January 2004.

   [RFC4252]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
              Authentication Protocol", RFC 4252, January 2006.

   [RFC4253]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
              Transport Layer Protocol", RFC 4253, January 2006.

   [RFC5607]  Nelson, D. and G. Weber, "Remote Authentication Dial-In
              User Service (RADIUS) Authorization for Network Access
              Server (NAS) Management", RFC 5607, July 2009.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

   [RFC6021]  Schoenwaelder, J., "Common YANG Data Types", RFC 6021,
              October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              March 2012.

   [RFC6557]  Lear, E. and P. Eggert, "Procedures for Maintaining the
              Time Zone Database", BCP 175, RFC 6557, February 2012.

Authors' Addresses

   Andy Bierman
   YumaWorks

   Email: andy@yumaworks.com

   Martin Bjorklund
   Tail-f Systems

   Email: mbj@tail-f.com
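The following is an added worked example, not code from this draft or from the ietf-system module, showing how a NETCONF server would enforce two rules the module text above states and that the Security Considerations flag as sensitive: the must constraint on /system/authentication/user-authentication-order (radius may be listed only if a /system/radius/server entry exists) and the set-current-datetime RPC, which must fail with error-tag 'operation-failed' and error-app-tag 'ntp-active' while /system/ntp/use-ntp is true. The XML element layout of the two constructed configuration instances, a RADIUS server entry keyed by name, and the rpc-reply/rpc-error element shape (taken from RFC 6241) are assumptions; the leaf and container names come from the module.

```python
# Added example: server-side checks for two rules in the ietf-system module
# text (the must constraint on user-authentication-order and the NTP failure
# mode of set-current-datetime).  Not code from the draft.
# Assumptions (not in the draft): the XML layout of the sample instances, a
# RADIUS 'server' list entry keyed by 'name', and the <rpc-reply>/<rpc-error>
# shape, which follows RFC 6241.
import xml.etree.ElementTree as ET

SYS_NS = "urn:ietf:params:xml:ns:yang:ietf-system"   # registered in the IANA section
NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"    # RFC 6241 base namespace
NS = {"sys": SYS_NS, "nc": NC_NS}

# Constructed sample: 'radius' is first in the authentication order and NTP
# is on, but no RADIUS server is configured, so the must constraint fails.
SAMPLE_BROKEN = """
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system"
        xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-system">
  <ntp><use-ntp>true</use-ntp></ntp>
  <authentication>
    <user-authentication-order>sys:radius</user-authentication-order>
    <user-authentication-order>sys:local-users</user-authentication-order>
    <user><name>alice</name><password>CRYPT-HASH-PLACEHOLDER</password></user>
  </authentication>
</system>
"""

# Constructed sample that satisfies the constraint and is not under NTP control.
SAMPLE_GOOD = """
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system"
        xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-system">
  <ntp><use-ntp>false</use-ntp></ntp>
  <radius><server><name>radius1</name></server></radius>
  <authentication>
    <user-authentication-order>sys:radius</user-authentication-order>
    <user-authentication-order>sys:local-users</user-authentication-order>
  </authentication>
</system>
"""


def parse_system(xml_text):
    """Parse a /system configuration instance into an element tree."""
    return ET.fromstring(xml_text)


def check_auth_order(system):
    """Evaluate the must statement on user-authentication-order.

    '(. = "sys:radius" and ../../radius/server) or (. != "sys:radius")':
    an entry is acceptable unless it is 'radius' and no RADIUS server
    exists.  The identityref is compared as the literal 'sys:radius'
    used by the must expression.  Returns the error-message strings.
    """
    errors = []
    radius_server_present = system.find("sys:radius/sys:server", NS) is not None
    for entry in system.findall("sys:authentication/sys:user-authentication-order", NS):
        if (entry.text or "").strip() == "sys:radius" and not radius_server_present:
            errors.append("When 'radius' is used, a radius server must be configured.")
    return errors


def _rpc_error(reply, tag, app_tag=None, message=None, bad_element=None):
    """Append an RFC 6241 style <rpc-error> to the reply and return the reply."""
    err = ET.SubElement(reply, f"{{{NC_NS}}}rpc-error")
    ET.SubElement(err, f"{{{NC_NS}}}error-type").text = "application"
    ET.SubElement(err, f"{{{NC_NS}}}error-tag").text = tag
    ET.SubElement(err, f"{{{NC_NS}}}error-severity").text = "error"
    if app_tag:
        ET.SubElement(err, f"{{{NC_NS}}}error-app-tag").text = app_tag
    if message:
        ET.SubElement(err, f"{{{NC_NS}}}error-message").text = message
    if bad_element:
        info = ET.SubElement(err, f"{{{NC_NS}}}error-info")
        ET.SubElement(info, f"{{{NC_NS}}}bad-element").text = bad_element
    return reply


def set_current_datetime(system, current_datetime):
    """Handle the set-current-datetime RPC as the module describes.

    The input leaf is mandatory, so an empty value is a 'missing-element'
    error.  While /system/ntp/use-ntp is 'true' the operation fails with
    error-tag 'operation-failed' and error-app-tag 'ntp-active'.
    Otherwise /system/clock/current-datetime is updated and <ok/> returned.
    """
    reply = ET.Element(f"{{{NC_NS}}}rpc-reply")
    if not current_datetime:
        return _rpc_error(reply, "missing-element", bad_element="current-datetime")
    use_ntp = system.findtext("sys:ntp/sys:use-ntp", default="false", namespaces=NS)
    if use_ntp.strip() == "true":
        return _rpc_error(reply, "operation-failed", app_tag="ntp-active",
                          message="NTP is active; the clock cannot be set manually.")
    clock = system.find("sys:clock", NS)
    if clock is None:
        clock = ET.SubElement(system, f"{{{SYS_NS}}}clock")
    leaf = clock.find("sys:current-datetime", NS)
    if leaf is None:
        leaf = ET.SubElement(clock, f"{{{SYS_NS}}}current-datetime")
    leaf.text = current_datetime
    ET.SubElement(reply, f"{{{NC_NS}}}ok")
    return reply


def error_tags(reply):
    """Return (error-tag, error-app-tag) from a reply, or None when it is <ok/>."""
    err = reply.find("nc:rpc-error", NS)
    if err is None:
        return None
    return (err.findtext("nc:error-tag", namespaces=NS),
            err.findtext("nc:error-app-tag", namespaces=NS))


if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("good", SAMPLE_GOOD)):
        system = parse_system(text)
        print(label, "must-errors:", check_auth_order(system))
        reply = set_current_datetime(system, "2012-12-26T12:00:00Z")
        print(label, "set-current-datetime:", error_tags(reply) or "ok")
```

A real server would run the must check at edit-config validation time, before the new configuration is committed, and would also subject set-current-datetime to the NACM exec check implied by nacm:default-deny-all; the example only models the two rules the module text states.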