draft-ietf-netmod-system-mgmt-03.txt   draft-ietf-netmod-system-mgmt-04.txt 
Network Working Group A. Bierman Network Working Group A. Bierman
Internet-Draft YumaWorks Internet-Draft YumaWorks
Intended status: Standards Track M. Bjorklund Intended status: Standards Track M. Bjorklund
Expires: March 11, 2013 Tail-f Systems Expires: June 29, 2013 Tail-f Systems
September 7, 2012 December 26, 2012
YANG Data Model for System Management YANG Data Model for System Management
draft-ietf-netmod-system-mgmt-03 draft-ietf-netmod-system-mgmt-04
Abstract Abstract
This document defines a YANG data model for the configuration and This document defines a YANG data model for the configuration and
identification of the management system of a device. identification of the management system of a device.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 11, 2013. This Internet-Draft will expire on June 29, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 25 skipping to change at page 2, line 25
3.1. System Identification . . . . . . . . . . . . . . . . . . 5 3.1. System Identification . . . . . . . . . . . . . . . . . . 5
3.2. System Time Management . . . . . . . . . . . . . . . . . . 5 3.2. System Time Management . . . . . . . . . . . . . . . . . . 5
3.3. DNS Resolver Model . . . . . . . . . . . . . . . . . . . . 5 3.3. DNS Resolver Model . . . . . . . . . . . . . . . . . . . . 5
3.4. RADIUS Client Model . . . . . . . . . . . . . . . . . . . 6 3.4. RADIUS Client Model . . . . . . . . . . . . . . . . . . . 6
3.5. User Authentication Model . . . . . . . . . . . . . . . . 6 3.5. User Authentication Model . . . . . . . . . . . . . . . . 6
3.5.1. SSH Public Key Authentication . . . . . . . . . . . . 7 3.5.1. SSH Public Key Authentication . . . . . . . . . . . . 7
3.5.2. Local User Password Authentication . . . . . . . . . . 7 3.5.2. Local User Password Authentication . . . . . . . . . . 7
3.5.3. RADIUS Password Authentication . . . . . . . . . . . . 7 3.5.3. RADIUS Password Authentication . . . . . . . . . . . . 7
3.6. System Control . . . . . . . . . . . . . . . . . . . . . . 8 3.6. System Control . . . . . . . . . . . . . . . . . . . . . . 8
4. System YANG module . . . . . . . . . . . . . . . . . . . . . . 9 4. System YANG module . . . . . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
6. Security Considerations . . . . . . . . . . . . . . . . . . . 25 6. Security Considerations . . . . . . . . . . . . . . . . . . . 26
7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 27 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 28
7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 27 7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 28
7.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 27 7.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 28
7.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 27 7.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 28
8. Normative References . . . . . . . . . . . . . . . . . . . . . 28 7.4. 03-04 . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 8. Normative References . . . . . . . . . . . . . . . . . . . . . 29
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 31
1. Introduction 1. Introduction
This document defines a YANG [RFC6020] data model for the This document defines a YANG [RFC6020] data model for the
configuration and identification of the management system of a configuration and identification of the management system of a
device. device.
Devices that are managed by NETCONF and perhaps other mechanisms have Devices that are managed by NETCONF and perhaps other mechanisms have
common properties that need to be configured and monitored in a common properties that need to be configured and monitored in a
standard way. standard way.
skipping to change at page 6, line 10 skipping to change at page 6, line 10
3.3. DNS Resolver Model 3.3. DNS Resolver Model
The data model for configuration of the DNS resolver has the The data model for configuration of the DNS resolver has the
following structure: following structure:
+--rw system +--rw system
+--rw dns +--rw dns
+--rw search* inet:host +--rw search* inet:host
+--rw server* inet:ip-address +--rw server* inet:ip-address
+--rw options +--rw options
+--rw ndots? uint8
+--rw timeout? uint8 +--rw timeout? uint8
+--rw attempts? uint8 +--rw attempts? uint8
3.4. RADIUS Client Model 3.4. RADIUS Client Model
The data model for configuration of the RADIUS client has the The data model for configuration of the RADIUS client has the
following structure: following structure:
+--rw system +--rw system
+--rw radius +--rw radius
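Review bot: Dropping ndots from the options subtree leaves search* in the model with nothing that says when the search list is applied to a name. The removed leaf was the only place that stated the dot threshold before "an initial absolute query will be made", so the description of search should now say that this behaviour is implementation-defined, or name the fixed value assumed.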
skipping to change at page 9, line 15 skipping to change at page 9, line 15
4. System YANG module 4. System YANG module
This YANG module imports YANG extensions from [RFC6536], and imports This YANG module imports YANG extensions from [RFC6536], and imports
YANG types from [RFC6021] and [I-D.lange-netmod-iana-timezones]. It YANG types from [RFC6021] and [I-D.lange-netmod-iana-timezones]. It
also references [RFC1321], [RFC2865], [RFC3418], [RFC5607], also references [RFC1321], [RFC2865], [RFC3418], [RFC5607],
[IEEE-1003.1-2008], and [FIPS.180-3.2008]. [IEEE-1003.1-2008], and [FIPS.180-3.2008].
RFC Ed.: update the date below with the date of RFC publication and RFC Ed.: update the date below with the date of RFC publication and
remove this note. remove this note.
<CODE BEGINS> file "ietf-system@2012-09-07.yang" <CODE BEGINS> file "ietf-system@2012-12-26.yang"
module ietf-system { module ietf-system {
namespace "urn:ietf:params:xml:ns:yang:ietf-system"; namespace "urn:ietf:params:xml:ns:yang:ietf-system";
prefix "sys"; prefix "sys";
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
import ietf-inet-types { import ietf-inet-types {
skipping to change at page 10, line 30 skipping to change at page 10, line 30
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: remove this note // RFC Ed.: remove this note
// Note: extracted from draft-ietf-netmod-system-mgmt-03.txt // Note: extracted from draft-ietf-netmod-system-mgmt-04.txt
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision "2012-09-07" { revision "2012-12-26" {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for System Management"; "RFC XXXX: A YANG Data Model for System Management";
} }
/* /*
* Typedefs * Typedefs
*/ */
skipping to change at page 14, line 14 skipping to change at page 14, line 14
} }
identity local-users { identity local-users {
base authentication-method; base authentication-method;
description description
"Indicates password-based authentication of locally "Indicates password-based authentication of locally
configured users."; configured users.";
} }
identity radius-authentication-type {
description
"Base identity for RADIUS authentication types.";
}
identity radius-pap {
base radius-authentication-type;
description
"The device requests PAP authentication from the RADIUS
server.";
reference
"RFC 2865: Remote Authentication Dial In User Service";
}
identity radius-chap {
base radius-authentication-type;
description
"The device requests CHAP authentication from the RADIUS
server.";
reference
"RFC 2865: Remote Authentication Dial In User Service";
}
/* /*
* Top-level container * Top-level container
*/ */
container system { container system {
description description
"System group configuration."; "System group configuration.";
leaf contact { leaf contact {
type string { type string {
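Review bot: The descriptions of radius-pap and radius-chap say only which method the device requests and cite RFC 2865 as a whole, so an operator choosing between them learns nothing about how each one carries the user's password. Suggest one sentence per identity on that difference (PAP sends the password in the User-Password attribute, hidden with the shared secret; CHAP sends a challenge response in the CHAP-Password attribute) and a reference to the matching RFC 2865 attribute sections rather than to the whole document.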
skipping to change at page 19, line 25 skipping to change at page 19, line 48
Implementations MAY limit the number of entries in this Implementations MAY limit the number of entries in this
leaf list."; leaf list.";
} }
container options { container options {
description description
"Resolver options. The set of available options has been "Resolver options. The set of available options has been
limited to those that are generally available across limited to those that are generally available across
different resolver implementations, and generally different resolver implementations, and generally
useful."; useful.";
leaf ndots {
type uint8;
default "1";
description
"This parameter sets a threshold for the number of dots
which must appear in a query request before an initial
absolute query will be made.";
}
leaf timeout { leaf timeout {
type uint8; type uint8 {
range "1..max";
}
units "seconds"; units "seconds";
default "5"; default "5";
description description
"The amount of time the resolver will wait for a "The amount of time the resolver will wait for a
response from a remote name server before response from a remote name server before
retrying the query via a different name server."; retrying the query via a different name server.";
} }
leaf attempts { leaf attempts {
type uint8; type uint8 {
range "1..max";
}
default "2"; default "2";
description description
"The number of times the resolver will send a query to "The number of times the resolver will send a query to
its name servers before giving up and returning an its name servers before giving up and returning an
error to the calling application."; error to the calling application.";
} }
} }
} }
container radius { container radius {
if-feature radius; if-feature radius;
description description
"Configuration of the RADIUS client."; "Configuration of the RADIUS client.";
list server { list server {
key address; key address;
ordered-by user; ordered-by user;
description description
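Review bot: The new range "1..max" on the resolver timeout and attempts leafs rules out 0 but leaves the upper end at the uint8 maximum of 255, so a configuration of 255 seconds and 255 attempts is valid and can stall every lookup on the device. Suggest either a tighter upper bound or a sentence like the one used for the leaf-list above ("Implementations MAY limit ...") allowing implementations to restrict the accepted values. The descriptions should also say that 0 is not allowed, since the reason for the range is otherwise recorded only in the change log.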
skipping to change at page 20, line 36 skipping to change at page 21, line 8
} }
leaf shared-secret { leaf shared-secret {
type string; type string;
nacm:default-deny-all; nacm:default-deny-all;
description description
"The shared secret which is known to both the RADIUS "The shared secret which is known to both the RADIUS
client and server."; client and server.";
reference reference
"RFC 2865: Remote Authentication Dial In User Service"; "RFC 2865: Remote Authentication Dial In User Service";
} }
leaf authentication-type {
type identityref {
base radius-authentication-type;
}
default radius-pap;
description
"The authentication type requested from the RADIUS
server.";
}
} }
container options { container options {
description description
"RADIUS client options."; "RADIUS client options.";
leaf timeout { leaf timeout {
type uint8; type uint8 {
range "1..max";
}
units "seconds"; units "seconds";
default "5"; default "5";
description description
"The number of seconds the device will wait for a "The number of seconds the device will wait for a
response from a RADIUS server before trying with a response from a RADIUS server before trying with a
different server."; different server.";
} }
leaf attempts { leaf attempts {
type uint8; type uint8 {
range "1..max";
}
default "2"; default "2";
description description
"The number of times the device will send a query to "The number of times the device will send a query to
the RADIUS servers before giving up."; the RADIUS servers before giving up.";
} }
} }
} }
container authentication { container authentication {
nacm:default-deny-write; nacm:default-deny-write;
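Review bot: The new authentication-type leaf carries no NACM statement, and none is visible on container radius in the lines shown, while shared-secret next to it has nacm:default-deny-all and container authentication has nacm:default-deny-write. A write to this leaf changes how user credentials are sent to the RADIUS server, so it should get nacm:default-deny-write, on the leaf or on the radius container. The description should also state what a device does when the configured type is one it does not implement, since radius-pap and radius-chap are not tied to a feature and default radius-pap applies silently when the leaf is absent.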
skipping to change at page 28, line 5 skipping to change at page 28, line 38
o added default-stmts to ntp-server/iburst and ntp-server/prefer o added default-stmts to ntp-server/iburst and ntp-server/prefer
leafs leafs
o changed timezone-location leaf to use iana-timezone typedef o changed timezone-location leaf to use iana-timezone typedef
instead of a string instead of a string
7.3. 02-03 7.3. 02-03
o removed configuration-source identities and leafs o removed configuration-source identities and leafs
7.4. 03-04
o removed ndots dns resolver option
o added radius-authentication-type identity, and identities for pap
and chap, and a leaf to control which authentication type to use
when communicating with the radius server
o made 0 an invalid value for timeouts and attempts
8. Normative References 8. Normative References
[FIPS.180-3.2008] [FIPS.180-3.2008]
National Institute of Standards and Technology, "Secure National Institute of Standards and Technology, "Secure
Hash Standard", FIPS PUB 180-3, October 2008, <http:// Hash Standard", FIPS PUB 180-3, October 2008, <http://
csrc.nist.gov/publications/fips/fips180-3/ csrc.nist.gov/publications/fips/fips180-3/
fips180-3_final.pdf>. fips180-3_final.pdf>.
[I-D.lange-netmod-iana-timezones] [I-D.lange-netmod-iana-timezones]
Lange, J., "IANA Timezone Database YANG Modul", Lange, J., "IANA Timezone Database YANG Module",
draft-lange-netmod-iana-timezones-01 (work in progress), draft-lange-netmod-iana-timezones-01 (work in progress),
June 2012. June 2012.
[IEEE-1003.1-2008] [IEEE-1003.1-2008]
Institute of Electrical and Electronics Engineers, Institute of Electrical and Electronics Engineers,
"POSIX.1-2008", IEEE Standard 1003.1, March 2008. "POSIX.1-2008", IEEE Standard 1003.1, March 2008.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992. April 1992.
 End of changes. 18 change blocks. 
29 lines changed or deleted 72 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/