draft-ietf-netmod-system-mgmt-00.txt   draft-ietf-netmod-system-mgmt-01.txt 
Network Working Group A. Bierman Network Working Group A. Bierman
Internet-Draft Netconf Central Internet-Draft YumaWorks
Intended status: Standards Track M. Bjorklund Intended status: Standards Track M. Bjorklund
Expires: August 3, 2012 Tail-f Systems Expires: January 1, 2013 Tail-f Systems
January 31, 2012 June 30, 2012
YANG Data Model for System Management YANG Data Model for System Management
draft-ietf-netmod-system-mgmt-00 draft-ietf-netmod-system-mgmt-01
Abstract Abstract
This document defines a YANG data model for the configuration and This document defines a YANG data model for the configuration and
identification of the management system of a device. identification of the management system of a device.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 3, 2012. This Internet-Draft will expire on January 1, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 25 skipping to change at page 2, line 25
3.1. System Identification . . . . . . . . . . . . . . . . . . 5 3.1. System Identification . . . . . . . . . . . . . . . . . . 5
3.2. System Time Management . . . . . . . . . . . . . . . . . . 5 3.2. System Time Management . . . . . . . . . . . . . . . . . . 5
3.3. DNS Resolver Model . . . . . . . . . . . . . . . . . . . . 5 3.3. DNS Resolver Model . . . . . . . . . . . . . . . . . . . . 5
3.4. RADIUS Client Model . . . . . . . . . . . . . . . . . . . 6 3.4. RADIUS Client Model . . . . . . . . . . . . . . . . . . . 6
3.5. User Authentication Model . . . . . . . . . . . . . . . . 6 3.5. User Authentication Model . . . . . . . . . . . . . . . . 6
3.5.1. SSH Public Key Authentication . . . . . . . . . . . . 7 3.5.1. SSH Public Key Authentication . . . . . . . . . . . . 7
3.5.2. Local User Password Authentication . . . . . . . . . . 7 3.5.2. Local User Password Authentication . . . . . . . . . . 7
3.5.3. RADIUS Password Authentication . . . . . . . . . . . . 7 3.5.3. RADIUS Password Authentication . . . . . . . . . . . . 7
3.6. System Control . . . . . . . . . . . . . . . . . . . . . . 8 3.6. System Control . . . . . . . . . . . . . . . . . . . . . . 8
4. System YANG module . . . . . . . . . . . . . . . . . . . . . . 9 4. System YANG module . . . . . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
6. Security Considerations . . . . . . . . . . . . . . . . . . . 36 6. Security Considerations . . . . . . . . . . . . . . . . . . . 26
7. Normative References . . . . . . . . . . . . . . . . . . . . . 38 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 40 7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 28
8. Normative References . . . . . . . . . . . . . . . . . . . . . 29
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 31
1. Introduction 1. Introduction
This document defines a YANG [RFC6020] data model for the This document defines a YANG [RFC6020] data model for the
configuration and identification of the management system of a configuration and identification of the management system of a
device. device.
Devices that are managed by NETCONF and perhaps other mechanisms have Devices that are managed by NETCONF and perhaps other mechanisms have
common properties that need to be configured and monitored in a common properties that need to be configured and monitored in a
standard way. standard way.
skipping to change at page 4, line 22 skipping to change at page 4, line 22
and intended to be specific to the device vendor. and intended to be specific to the device vendor.
Some user-configurable administrative strings are also provided such Some user-configurable administrative strings are also provided such
as the system location and description. as the system location and description.
2.2. System Time Management 2.2. System Time Management
The management of the date and time used by the system need to be The management of the date and time used by the system need to be
supported. Use of one or more NTP servers to automatically set the supported. Use of one or more NTP servers to automatically set the
system date and time need to be possible. Utilization of the system date and time need to be possible. Utilization of the
Timezone database [I-D.lear-iana-timezone-database] also need to be Timezone database [RFC6557] also need to be supported.
supported.
2.3. User Authentication 2.3. User Authentication
The authentication mechanism need to support password authentication The authentication mechanism need to support password authentication
over RADIUS, to support deployment scenarios with centralized over RADIUS, to support deployment scenarios with centralized
authentication servers. Additionally, local users need to be authentication servers. Additionally, local users need to be
supported, for scenarios when no centralized authentication server supported, for scenarios when no centralized authentication server
exists, or for situations where the centralized authentication server exists, or for situations where the centralized authentication server
cannot be reached from the device. cannot be reached from the device.
skipping to change at page 5, line 34 skipping to change at page 5, line 34
The data model for system time management has the following The data model for system time management has the following
structure: structure:
+--rw system +--rw system
+--rw clock +--rw clock
| +--ro current-datetime? yang:date-and-time | +--ro current-datetime? yang:date-and-time
| +--ro boot-datetime? yang:date-and-time | +--ro boot-datetime? yang:date-and-time
| +--rw (timezone)? | +--rw (timezone)?
| +--:(timezone-location) | +--:(timezone-location)
| | +--rw timezone-location? string | | +--rw timezone-location? string
| +--:(timezone-name)
| | +--rw timezone-name? string
| +--:(timezone-utc-offset) | +--:(timezone-utc-offset)
| +--rw timezone-utc-offset? int16 | +--rw timezone-utc-offset? int16
+--rw ntp +--rw ntp
+--rw use-ntp? boolean +--rw use-ntp? boolean
+--rw configuration-source* identityref
+--rw ntp-server [address] +--rw ntp-server [address]
+--rw association-type? enumeration
+--rw address inet:host +--rw address inet:host
+--rw enabled boolean +--rw enabled boolean
+--rw iburst boolean
+--rw prefer boolean
3.3. DNS Resolver Model 3.3. DNS Resolver Model
The data model for configuration of the DNS resolver has the The data model for configuration of the DNS resolver has the
following structure: following structure:
+--rw system +--rw system
+--rw dns +--rw dns
+--rw configuration-source* identityref
+--rw search* inet:host +--rw search* inet:host
+--rw server* inet:ip-address +--rw server* inet:ip-address
+--rw options +--rw options
+--rw ndots? uint8 +--rw ndots? uint8
+--rw timeout? uint8 +--rw timeout? uint8
+--rw attempts? uint8 +--rw attempts? uint8
3.4. RADIUS Client Model 3.4. RADIUS Client Model
The data model for configuration of the RADIUS client has the The data model for configuration of the RADIUS client has the
skipping to change at page 7, line 13 skipping to change at page 7, line 13
based User Interface. based User Interface.
The data model for user authentication has the following structure: The data model for user authentication has the following structure:
+--rw system +--rw system
+--rw authentication +--rw authentication
+--rw user-authentication-order* identityref +--rw user-authentication-order* identityref
+--rw user [name] +--rw user [name]
+--rw name string +--rw name string
+--rw password? crypt-hash +--rw password? crypt-hash
+--rw ssh-dsa? binary +--rw ssh-key [name]
+--rw ssh-rsa? binary +--rw name string
+--rw algorithm? string
+--rw key-data? binary
3.5.1. SSH Public Key Authentication 3.5.1. SSH Public Key Authentication
If the NETCONF server advertises the "local-users" feature, If the NETCONF server advertises the "local-users" feature,
configuration of local users and their SSH public keys is supported configuration of local users and their SSH public keys is supported
in the /system/authentication/user list. in the /system/authentication/user list.
Public key authentication is requested by the SSH client. If the Public key authentication is requested by the SSH client. If the
"local-users" feature is supported, then when a NETCONF client starts "local-users" feature is supported, then when a NETCONF client starts
an SSH session towards the server using the "publickey" an SSH session towards the server using the "publickey"
skipping to change at page 9, line 7 skipping to change at page 9, line 7
3.6. System Control 3.6. System Control
Two protocol operations are included to restart or shutdown the Two protocol operations are included to restart or shutdown the
system. The 'system-restart' operation can be used to restart the system. The 'system-restart' operation can be used to restart the
entire system (not just the NETCONF server). The 'system-shutdown' entire system (not just the NETCONF server). The 'system-shutdown'
operation can be used to power off the entire system. operation can be used to power off the entire system.
4. System YANG module 4. System YANG module
This YANG module imports YANG extensions from [RFC6536], imports YANG
types from [RFC6021], and references [RFC1321], [RFC2865], [RFC3418],
[RFC5607], [IEEE-1003.1-2008], and [FIPS.180-3.2008].
RFC Ed.: update the date below with the date of RFC publication and RFC Ed.: update the date below with the date of RFC publication and
remove this note. remove this note.
This YANG module imports YANG extensions from <CODE BEGINS> file "ietf-system@2012-06-30.yang"
[I-D.ietf-netconf-access-control], imports YANG types from [RFC6021],
and references [RFC1321], [RFC2865], [RFC3418], [RFC5607],
[IEEE-1003.1-2008], and [FIPS.180-3.2008].
<CODE BEGINS> file "ietf-system@2012-01-31.yang"
module ietf-system { module ietf-system {
namespace "urn:ietf:params:xml:ns:yang:ietf-system"; namespace "urn:ietf:params:xml:ns:yang:ietf-system";
prefix "sys"; prefix "sys";
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
import ietf-inet-types { import ietf-inet-types {
skipping to change at page 9, line 47 skipping to change at page 9, line 46
"WG Web: <http://tools.ietf.org/wg/netmod/> "WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org> WG List: <mailto:netmod@ietf.org>
WG Chair: David Kessens WG Chair: David Kessens
<mailto:david.kessens@nsn.com> <mailto:david.kessens@nsn.com>
WG Chair: Juergen Schoenwaelder WG Chair: Juergen Schoenwaelder
<mailto:j.schoenwaelder@jacobs-university.de> <mailto:j.schoenwaelder@jacobs-university.de>
Editor: Andy Bierman Editor: Andy Bierman
<mailto:andy@netconfcentral.org> <mailto:andy@yumaworks.com>
Editor: Martin Bjorklund Editor: Martin Bjorklund
<mailto:mbj@tail-f.com>"; <mailto:mbj@tail-f.com>";
description description
"This module contains a collection of YANG definitions for the "This module contains a collection of YANG definitions for the
configuration and identification of the management system of a configuration and identification of the management system of a
device. device.
Copyright (c) 2011 IETF Trust and the persons identified as Copyright (c) 2012 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: remove this note // RFC Ed.: remove this note
// Note: extracted from draft-ietf-netmod-system-mgmt-00.txt // Note: extracted from draft-ietf-netmod-system-mgmt-01.txt
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2012-01-31 { revision "2012-06-30" {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for System Management"; "RFC XXXX: A YANG Data Model for System Management";
} }
/* /*
* Typedefs * Typedefs
*/ */
typedef timezone-name {
description
"List of available timezone enumerations.
Based on the referenced list, but non-unique names
have been changed so they are unique enumeration
identifiers.";
reference
"Wikipedia: http://en.wikipedia.org/wiki/"
+ "List_of_time_zone_abbreviations";
type enumeration {
enum ACDT {
description
"Australian Central Daylight Time UTC+10:30";
}
enum ACST {
description
"Australian Central Standard Time UTC+09:30";
}
enum ACT {
description
"ASEAN Common Time UTC+08";
}
enum ADT {
description
"Atlantic Daylight Time UTC-03";
}
enum AEDT {
description
"Australian Eastern Daylight Time UTC+11";
}
enum AEST {
description
"Australian Eastern Standard Time UTC+10";
}
enum AFT {
description
"Afghanistan Time UTC+04:30";
}
enum AKDT {
description
"Alaska Daylight Time UTC-08";
}
enum AKST {
description
"Alaska Standard Time UTC-09";
}
enum AMST {
description
"Armenia Summer Time UTC+05";
}
enum AMT {
description
"Armenia Time UTC+04";
}
enum ART {
description
"Argentina Time UTC-03";
}
enum AST {
description
"Arab Standard Time (Kuwait, Riyadh) UTC+03";
}
enum AST-2 {
description
"Arabian Standard Time (Abu Dhabi, Muscat) UTC+04";
}
enum AST-3 {
description
"Arabic Standard Time (Baghdad) UTC+03";
}
enum AST-4 {
description
"Atlantic Standard Time UTC-04";
}
enum AWDT {
description
"Australian Western Daylight Time UTC+09";
}
enum AWST {
description
"Australian Western Standard Time UTC+08";
}
enum AZOST {
description
"Azores Standard Time UTC-01";
}
enum AZT {
description
"Azerbaijan Time UTC+04";
}
enum BDT {
description
"Brunei Time UTC+08";
}
enum BIOT {
description
"British Indian Ocean Time UTC+06";
}
enum BIT {
description
"Baker Island Time UTC-12";
}
enum BOT {
description
"Bolivia Time UTC-04";
}
enum BRT {
description
"Brasilia Time UTC-03";
}
enum BST {
description
"Bangladesh Standard Time UTC+06";
}
enum BST-2 {
description
"British Summer Time (British Standard Time
from Feb 1968 to Oct 1971) UTC+01";
}
enum BTT {
description
"Bhutan Time UTC+06";
}
enum CAT {
description
"Central Africa Time UTC+02";
}
enum CCT {
description
"Cocos Islands Time UTC+06:30";
}
enum CDT {
description
"Central Daylight Time (North America) UTC-05";
}
enum CEDT {
description
"Central European Daylight Time UTC+02";
}
enum CEST {
description
"Central European Summer Time (Cf. HAEC) UTC+02";
}
enum CET {
description
"Central European Time UTC+01";
}
enum CHADT {
description
"Chatham Daylight Time UTC+13:45";
}
enum CHAST {
description
"Chatham Standard Time UTC+12:45";
}
enum CIST {
description
"Clipperton Island Standard Time UTC-08";
}
enum CKT {
description
"Cook Island Time UTC-10";
}
enum CLST {
description
"Chile Summer Time UTC-03";
}
enum CLT {
description
"Chile Standard Time UTC-04";
}
enum COST {
description
"Colombia Summer Time UTC-04";
}
enum COT {
description
"Colombia Time UTC-05";
}
enum CST {
description
"Central Standard Time (North America) UTC-06";
}
enum CST-2 {
description
"China Standard Time UTC+08";
}
enum CST-3 {
description
"Central Standard Time (Australia) UTC+09:30";
}
enum CT {
description
"China Time UTC+08";
}
enum CVT {
description
"Cape Verde Time UTC-01";
}
enum CXT {
description
"Christmas Island Time UTC+07";
}
enum CHST {
description
"Chamorro Standard Time UTC+10";
}
enum DFT {
description
"AIX specific equivalent of Central European Time UTC+01";
}
enum EAST {
description
"Easter Island Standard Time UTC-06";
}
enum EAT {
description
"East Africa Time UTC+03";
}
enum ECT {
description
"Eastern Caribbean Time (does not recognise DST) UTC-04";
}
enum ECT-2 {
description
"Ecuador Time UTC-05";
}
enum EDT {
description
"Eastern Daylight Time (North America) UTC-04";
}
enum EEDT {
description
"Eastern European Daylight Time UTC+03";
}
enum EEST {
description
"Eastern European Summer Time UTC+03";
}
enum EET {
description
"Eastern European Time UTC+02";
}
enum EST {
description
"Eastern Standard Time (North America) UTC-05";
}
enum FJT {
description
"Fiji Time UTC+12";
}
enum FKST {
description
"Falkland Islands Summer Time UTC-03";
}
enum FKT {
description
"Falkland Islands Time UTC-04";
}
enum GALT {
description
"Galapagos Time UTC-06";
}
enum GET {
description
"Georgia Standard Time UTC+04";
}
enum GFT {
description
"French Guiana Time UTC-03";
}
enum GILT {
description
"Gilbert Island Time UTC+12";
}
enum GIT {
description
"Gambier Island Time UTC-09";
}
enum GMT {
description
"Greenwich Mean Time UTC";
}
enum GST {
description
"South Georgia and the South Sandwich Islands UTC-02";
}
enum GST-2 {
description
"Gulf Standard Time UTC+04";
}
enum GYT {
description
"Guyana Time UTC-04";
}
enum HADT {
description
"Hawaii-Aleutian Daylight Time UTC-09";
}
enum HAEC {
description
"Heure Avancee d'Europe Centrale francised name for
CEST UTC+02";
}
enum HAST {
description
"Hawaii-Aleutian Standard Time UTC-10";
}
enum HKT {
description
"Hong Kong Time UTC+08";
}
enum HMT {
description
"Heard and McDonald Islands Time UTC+05";
}
enum HST {
description
"Hawaii Standard Time UTC-10";
}
enum ICT {
description
"Indochina Time UTC+07";
}
enum IDT {
description
"Israeli Daylight Time UTC+03";
}
enum IRKT {
description
"Irkutsk Time UTC+08";
}
enum IRST {
description
"Iran Standard Time UTC+03:30";
}
enum IST {
description
"Indian Standard Time UTC+05:30";
}
enum IST-2 {
description
"Irish Summer Time UTC+01";
}
enum IST-3 {
description
"Israel Standard Time UTC+02";
}
enum JST {
description
"Japan Standard Time UTC+09";
}
enum KRAT {
description
"Krasnoyarsk Time UTC+07";
}
enum KST {
description
"Korea Standard Time UTC+09";
}
enum LHST {
description
"Lord Howe Standard Time UTC+10:30";
}
enum LINT {
description
"Line Islands Time UTC+14";
}
enum MAGT {
description
"Magadan Time UTC+11";
}
enum MDT {
description
"Mountain Daylight Time (North America) UTC-06";
}
enum MET {
description
"Middle European Time Same zone as CET UTC+02";
}
enum MEST {
description
"Middle European Saving Time Same zone as CEST UTC+02";
}
enum MIT {
description
"Marquesas Islands Time UTC-09:30";
}
enum MSD {
description
"Moscow Summer Time UTC+04";
}
enum MSK {
description
"Moscow Standard Time UTC+03";
}
enum MST {
description
"Malaysian Standard Time UTC+08";
}
enum MST-2 {
description
"Mountain Standard Time (North America) UTC-07";
}
enum MST-3 {
description
"Myanmar Standard Time UTC+06:30";
}
enum MUT {
description
"Mauritius Time UTC+04";
}
enum MYT {
description
"Malaysia Time UTC+08";
}
enum NDT {
description
"Newfoundland Daylight Time UTC-02:30";
}
enum NFT {
description
"Norfolk Time[1] UTC+11:30";
}
enum NPT {
description
"Nepal Time UTC+05:45";
}
enum NST {
description
"Newfoundland Standard Time UTC-03:30";
}
enum NT {
description
"Newfoundland Time UTC-03:30";
}
enum NZDT {
description
"New Zealand Daylight Time UTC+13";
}
enum NZST {
description
"New Zealand Standard Time UTC+12";
}
enum OMST {
description
"Omsk Time UTC+06";
}
enum PDT {
description
"Pacific Daylight Time (North America) UTC-07";
}
enum PETT {
description
"Kamchatka Time UTC+12";
}
enum PHOT {
description
"Phoenix Island Time UTC+13";
}
enum PKT {
description
"Pakistan Standard Time UTC+05";
}
enum PST {
description
"Pacific Standard Time (North America) UTC-08";
}
enum PST-2 {
description
"Philippine Standard Time UTC+08";
}
enum RET {
description
"Reunion Time UTC+04";
}
enum SAMT {
description
"Samara Time UTC+04";
}
enum SAST {
description
"South African Standard Time UTC+02";
}
enum SBT {
description
"Solomon Islands Time UTC+11";
}
enum SCT {
description
"Seychelles Time UTC+04";
}
enum SGT {
description
"Singapore Time UTC+08";
}
enum SLT {
description
"Sri Lanka Time UTC+05:30";
}
enum SST {
description
"Samoa Standard Time UTC-11";
}
enum SST-2 {
description
"Singapore Standard Time UTC+08";
}
enum TAHT {
description
"Tahiti Time UTC-10";
}
enum THA {
description
"Thailand Standard Time UTC+07";
}
enum UTC {
description
"Coordinated Universal Time UTC";
}
enum UYST {
description
"Uruguay Summer Time UTC-02";
}
enum UYT {
description
"Uruguay Standard Time UTC-03";
}
enum VET {
description
"Venezuelan Standard Time UTC-04:30";
}
enum VLAT {
description
"Vladivostok Time UTC+10";
}
enum WAT {
description
"West Africa Time UTC+01";
}
enum WEDT {
description
"Western European Daylight Time UTC+01";
}
enum WEST {
description
"Western European Summer Time UTC+01";
}
enum WET {
description
"Western European Time UTC";
}
enum WST {
description
"Western Standard Time UTC+08";
}
enum YAKT {
description
"Yakutsk Time UTC+09";
}
enum YEKT {
description
"Yekaterinburg Time UTC+05";
}
}
}
typedef crypt-hash { typedef crypt-hash {
type string { type string {
pattern "$0$.* | $1|5|6$[a-zA-Z0-9./]{2,16}$.*"; pattern "$0$.*|$(1|5|6)$[a-zA-Z0-9./]{2,16}$.*";
} }
description description
"The crypt-hash type is used to store passwords using "The crypt-hash type is used to store passwords using
a hash function. This type is implemented in various UNIX a hash function. This type is implemented in various UNIX
systems as the function crypt(3). systems as the function crypt(3).
When a clear text value is set to a leaf of this type, the When a clear text value is set to a leaf of this type, the
server calculates a password hash, and stores the result server calculates a password hash, and stores the result
in the datastore. Thus, the password is never stored in in the datastore. Thus, the password is never stored in
clear text. clear text.
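Review bot: the corrected crypt-hash pattern `$0$.*|$(1|5|6)$[a-zA-Z0-9./]{2,16}$.*` now alternates as intended (the old form `$0$.* | $1|5|6$...` split into `$1`, `5` and `6$...` and contained literal spaces), but the description should say what the `$0$` branch means: the pattern accepts an unhashed value while the text states the password is never stored in clear text, so the reader needs to be told that `$0$` marks clear-text input which the server replaces with a `$1$`, `$5$` or `$6$` hash before storing, and that only the hashed forms may appear in the datastore. It would also help to name the three hash identifiers (1, 5, 6) together with the [RFC1321] and [FIPS.180-3.2008] references that Section 4 lists, so implementers know which crypt(3) variants a conforming server must accept.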
skipping to change at page 25, line 18 skipping to change at page 13, line 26
} }
feature timezone-location { feature timezone-location {
description description
"Indicates that the local timezone on the device "Indicates that the local timezone on the device
can be configured to use the TZ database can be configured to use the TZ database
to set the timezone and manage daylight savings time."; to set the timezone and manage daylight savings time.";
reference reference
"TZ Database http://www.twinsun.com/tz/tz-link.htm "TZ Database http://www.twinsun.com/tz/tz-link.htm
Maintaining the Timezone Database Maintaining the Timezone Database
draft-lear-iana-timezone-database-04.txt"; RFC 6557 (BCP 175)";
}
feature timezone-name {
description
"Indicates that the local timezone on the device
can be configured using the timezone enumeration
strings as an alias for an UTC offset.";
reference
"Wikipedia: http://en.wikipedia.org/wiki/"
+ "List_of_time_zone_abbreviations";
} }
/* /*
* Identities * Identities
*/ */
identity authentication-method { identity authentication-method {
description description
"Base identity for user authentication methods."; "Base identity for user authentication methods.";
} }
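Review bot: the reference in feature timezone-location now cites RFC 6557 (BCP 175) but still leads with the twinsun.com URL; since Section 2.2 now cites [RFC6557] for the Timezone database, list the RFC first and keep the URL as a secondary pointer, because the URL is not a stable reference.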
skipping to change at page 26, line 10 skipping to change at page 14, line 8
Management"; Management";
} }
identity local-users { identity local-users {
base authentication-method; base authentication-method;
description description
"Indicates password-based authentication of locally "Indicates password-based authentication of locally
configured users."; configured users.";
} }
identity configuration-source {
description "Base for all configuration sources.";
}
identity local-config {
base configuration-source;
description "Local configuration source.";
}
identity dhcp {
base configuration-source;
description "DHCP configuration source.";
}
/* /*
* Top-level container * Top-level container
*/ */
container system { container system {
description description
"System group configuration."; "System group configuration.";
leaf contact { leaf contact {
type string { type string {
length "0..255"; length "0..255";
} }
default "";
description description
"The administrator contact information for the system."; "The administrator contact information for the system.";
reference reference
"RFC 3418 - Management Information Base (MIB) for the "RFC 3418 - Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP)
SNMPv2-MIB.sysContact"; SNMPv2-MIB.sysContact";
} }
leaf name { leaf name {
type string { type string {
length "0..255"; length "0..255";
} }
default "";
description description
"The administratively assigned system name."; "The administratively assigned system name.";
reference reference
"RFC 3418 - Management Information Base (MIB) for the "RFC 3418 - Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP)
SNMPv2-MIB.sysName"; SNMPv2-MIB.sysName";
} }
leaf location { leaf location {
type string { type string {
length "0..255"; length "0..255";
} }
default "";
description description
"The system location"; "The system location";
reference reference
"RFC 3418 - Management Information Base (MIB) for the "RFC 3418 - Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP)
SNMPv2-MIB.sysLocation"; SNMPv2-MIB.sysLocation";
} }
container platform { container platform {
config false; config false;
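Review bot: dropping `default ""` from the contact, name and location leaves changes what an absent leaf means (no value, rather than the empty string); if that is intended, the descriptions should say that an absent leaf corresponds to an empty sysContact, sysName or sysLocation in the RFC 3418 objects they reference. The new `local-config` and `dhcp` identities have one-line descriptions and no reference; say what `dhcp` obtains (which options supply NTP and DNS server lists, for DHCPv4 and for DHCPv6) and how `local-config` relates to the locally configured `ntp-server`, `search` and `server` lists, so that the precedence expressed by the ordered configuration-source leaf-list is unambiguous.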
skipping to change at page 28, line 47 skipping to change at page 17, line 10
choice timezone { choice timezone {
description description
"Configure the system timezone information."; "Configure the system timezone information.";
leaf timezone-location { leaf timezone-location {
if-feature timezone-location; if-feature timezone-location;
type string; type string;
description description
"The TZ database location identifier string "The TZ database location identifier string
to use for the system, such as 'Europe/Stockholm'."; to use for the system, such as 'Europe/Stockholm'.
} [FIXME: replace string with enumeration]";
leaf timezone-name {
if-feature timezone-name;
type timezone-name;
description
"The timezone enumeration string to use
for the system, such as 'CET'.";
} }
leaf timezone-utc-offset { leaf timezone-utc-offset {
type int16 { type int16 {
range "-1439 .. 1439"; range "-1439 .. 1439";
} }
description description
"The number of minutes to add to UTC time to "The number of minutes to add to UTC time to
identify the timezone for this system. identify the timezone for this system.
For example, 'UTC - 8:00 hours' would be For example, 'UTC - 8:00 hours' would be
represented as '-480'."; represented as '-480'. Note that automatic
daylight savings time adjustment is not provided,
if this object is used.";
}
}
}
grouping configuration-source {
leaf-list configuration-source {
ordered-by user;
type identityref {
base configuration-source;
} }
description
"Indicates the ordered list of configuration source(s)
that the server should use for the service.";
} }
} }
container ntp { container ntp {
if-feature ntp; if-feature ntp;
description description
"Configuration of the NTP client."; "Configuration of the NTP client.";
leaf use-ntp { leaf use-ntp {
type boolean; type boolean;
default true; default true;
description description
"Indicates that the system should attempt "Indicates that the system should attempt
to synchronize the system clock with an to synchronize the system clock with an
NTP server from the 'ntp-server' list."; NTP server from the 'ntp-server' list.";
} }
uses configuration-source;
list ntp-server { list ntp-server {
key address; key address;
ordered-by user;
description description
"List of NTP servers to use for "List of NTP servers to use for
system clock synchronization. If 'use-ntp' system clock synchronization. If 'use-ntp'
is 'true', then the system will attempt to is 'true', then the system will attempt to
contact and utilize the specified NTP servers. contact and utilize the specified NTP servers.";
The user specified order indicates the server priority.";
leaf association-type {
type enumeration {
enum server {
description
"Use server association mode. This device
is not expected to synchronize with the
configured NTP server.";
}
enum peer {
description
"Use peer association mode. This device
may be expected to synchronize with the
configured NTP server.";
}
enum pool {
description
"Use pool association mode. This device
is not expected to synchronize with the
configured NTP server.";
}
}
description
"The desired association type for this NTP server.";
default server;
}
leaf address { leaf address {
type inet:host; type inet:host;
description description
"The IP address or domain name of the NTP server."; "The IP address or domain name of the NTP server.";
} }
leaf enabled { leaf enabled {
type boolean; type boolean;
default true; default true;
description description
"Indicates whether this server is enabled for use or "Indicates whether this server is enabled for use or
not."; not.";
} }
leaf iburst {
type boolean;
description
"Indicates whether this server should enable burst
synchronization or not.";
}
leaf prefer {
type boolean;
description
"Indicates whether this server should be preferred
or not.";
}
} }
} }
container dns { container dns {
description description
"Configuration of the DNS resolver."; "Configuration of the DNS resolver.";
uses configuration-source;
leaf-list search { leaf-list search {
type inet:host; type inet:host;
ordered-by user; ordered-by user;
description description
"An ordered list of domains to search when resolving "An ordered list of domains to search when resolving
a host name."; a host name.";
} }
leaf-list server { leaf-list server {
type inet:ip-address; type inet:ip-address;
ordered-by user; ordered-by user;
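Review bot: the 'association-type' enum descriptions have the direction of synchronization backwards. In NTP, "server" (client/server) mode is exactly the mode in which this device synchronizes its own clock to the configured server; what it does not do is provide time back to that server. "peer" (symmetric active) mode is the one in which either side may synchronize to the other. So the 'server' and 'pool' text "This device is not expected to synchronize with the configured NTP server." should read "This device will not provide synchronization to the configured NTP server.", and 'peer' should say "may provide synchronization to". Two smaller points in the same hunk: 'iburst' and 'prefer' carry no 'default' statement while 'enabled' has 'default true', so give both an explicit default (presumably false); and since -01 drops 'ordered-by user' together with the sentence "The user specified order indicates the server priority." in favour of 'prefer', state how the implementation chooses when 'prefer' is true on more than one entry, or on none. Finally, an ntp-server entry carries nothing for authenticating the server (no key identifier or equivalent), so a server is trusted on its address alone; if NTP authentication is out of scope for this model, say so in the description.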
skipping to change at page 33, line 32 skipping to change at page 22, line 41
leaf name { leaf name {
type string; type string;
description description
"The user name string identifying this entry."; "The user name string identifying this entry.";
} }
leaf password { leaf password {
type crypt-hash; type crypt-hash;
description description
"The password for this entry."; "The password for this entry.";
} }
leaf ssh-dsa { list ssh-key {
type binary; key name;
description
"The public DSA key for this entry.";
}
leaf ssh-rsa {
type binary;
description description
"The public RSA key for this entry."; "A list of public SSH keys for this user.";
reference
"RFC 4253: The Secure Shell (SSH) Transport Layer
Protocol";
leaf name {
type string;
description
"An arbitrary name for the ssh key.";
}
leaf algorithm {
type string;
description
"The public key algorithm name for this ssh key.
Valid values are the values in the IANA Secure Shell
(SSH) Protocol Parameters registry, Public Key
Algorithm Names";
reference
"IANA Secure Shell (SSH) Protocol Parameters registry,
Public Key Algorithm Names";
}
leaf key-data {
type binary;
description
"The binary key data for this ssh key.";
}
} }
} }
} }
} }
rpc set-current-datetime { rpc set-current-datetime {
nacm:default-deny-all; nacm:default-deny-all;
description description
"Manually set the /system/clock/current-datetime leaf "Manually set the /system/clock/current-datetime leaf
to the specified value. to the specified value.
If the /system/ntp/ntp-in-use leaf exists and If the system is using NTP (e.g., /system/ntp/use-ntp
is set to 'true', then this operation will is set to 'true'), then this operation will
fail with error-tag 'operation-failed', fail with error-tag 'operation-failed',
and error-app-tag value of 'ntp-active'"; and error-app-tag value of 'ntp-active'";
input { input {
leaf current-datetime { leaf current-datetime {
type yang:date-and-time; type yang:date-and-time;
mandatory true; mandatory true;
description description
"The current system date and time."; "The current system date and time.";
} }
} }
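Review bot: 'key-data' ("The binary key data for this ssh key.") does not say which encoding the binary is. The reference on the list is RFC 4253, whose Section 6.6 defines the public-key blob as a string that starts with the algorithm name followed by the algorithm-specific fields, the same blob that appears base64-encoded in an authorized_keys line; say explicitly that 'key-data' is that blob, otherwise one implementation will store the blob and another a DER or PEM key, and keys will not be portable across devices. Once that is fixed, 'algorithm' duplicates the name embedded in the blob, and as a free-form 'type string' it accepts anything; either constrain it (a pattern, or an identity base) and add a 'must' that it agrees with the blob, or state which of the two is authoritative on mismatch. Since every ssh-key entry grants login as the user, creating one is as sensitive as setting 'password', and the Security Considerations should name these nodes. In the set-current-datetime description, replacing the -00 check on the state leaf 'ntp-in-use' with "(e.g., /system/ntp/use-ntp is set to 'true')" turns the failure condition into a hint: decide whether the operation is refused whenever NTP is configured ('use-ntp' true) or only when the clock is actually being disciplined by NTP, and write that condition without the "e.g.".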
skipping to change at page 38, line 5 skipping to change at page 28, line 5
important to control access to these operations. These are the important to control access to these operations. These are the
operations and their sensitivity/vulnerability: operations and their sensitivity/vulnerability:
o set-current-datetime: Changes the current date and time on the o set-current-datetime: Changes the current date and time on the
device. device.
o system-restart: Reboots the device. o system-restart: Reboots the device.
o system-shutdown: Shuts down the device. o system-shutdown: Shuts down the device.
7. Normative References 7. Change Log
-- RFC Ed.: remove this section before publication.
7.1. 00-01
o added configuration-source identities
o added configuration-source leaf to ntp and dns (via grouping) to
choose configuration source
o added association-type, iburst, prefer, and true leafs to the ntp-
server list
o extended the ssh keys for a user to a list of keys. support all
defined key algorithms, not just dsa and rsa
o clarified timezone-utc-offset description-stmt
o removed '/system/ntp/server/true' leaf from data model
8. Normative References
[FIPS.180-3.2008] [FIPS.180-3.2008]
National Institute of Standards and Technology, "Secure National Institute of Standards and Technology, "Secure
Hash Standard", FIPS PUB 180-3, October 2008, <http:// Hash Standard", FIPS PUB 180-3, October 2008, <http://
csrc.nist.gov/publications/fips/fips180-3/ csrc.nist.gov/publications/fips/fips180-3/
fips180-3_final.pdf>. fips180-3_final.pdf>.
[I-D.ietf-netconf-access-control]
Bierman, A. and M. Bjorklund, "Network Configuration
Protocol (NETCONF) Access Control Model",
draft-ietf-netconf-access-control-05 (work in progress),
October 2011.
[I-D.lear-iana-timezone-database]
Lear, E. and P. Eggert, "IANA Procedures for Maintaining
the Timezone Database",
draft-lear-iana-timezone-database-04 (work in progress),
May 2011.
[IEEE-1003.1-2008] [IEEE-1003.1-2008]
Institute of Electrical and Electronics Engineers, Institute of Electrical and Electronics Engineers,
"POSIX.1-2008", IEEE Standard 1003.1, March 2008. "POSIX.1-2008", IEEE Standard 1003.1, March 2008.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992. April 1992.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
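Review bot: the 00-01 change log contradicts itself: "added association-type, iburst, prefer, and true leafs to the ntp-server list" and "removed '/system/ntp/server/true' leaf from data model" cannot both describe the same delta, and no 'true' leaf exists in the -01 ntp-server list above; drop "and true" from the first item. In the Security Considerations excerpt the operations are listed but their sensitivity is not explained; for set-current-datetime ("Changes the current date and time on the device.") say what an attacker gains, for example that moving the clock defeats certificate and token expiry checks and falsifies log timestamps, since that is what justifies the 'nacm:default-deny-all' on the rpc.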
skipping to change at page 40, line 5 skipping to change at page 30, line 9
[RFC6021] Schoenwaelder, J., "Common YANG Data Types", RFC 6021, [RFC6021] Schoenwaelder, J., "Common YANG Data Types", RFC 6021,
October 2010. October 2010.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, June 2011. (NETCONF)", RFC 6241, June 2011.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, June 2011. Shell (SSH)", RFC 6242, June 2011.
[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
Protocol (NETCONF) Access Control Model", RFC 6536,
March 2012.
[RFC6557] Lear, E. and P. Eggert, "Procedures for Maintaining the
Time Zone Database", BCP 175, RFC 6557, February 2012.
Authors' Addresses Authors' Addresses
Andy Bierman Andy Bierman
Netconf Central YumaWorks
Email: andy@netconfcentral.org Email: andy@yumaworks.com
Martin Bjorklund Martin Bjorklund
Tail-f Systems Tail-f Systems
Email: mbj@tail-f.com Email: mbj@tail-f.com
 End of changes. 42 change blocks. 
645 lines changed or deleted, 167 lines changed or added.
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/