summaryrefslogtreecommitdiff
path: root/interface-definitions/system-login.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/system-login.xml.in')
-rw-r--r--interface-definitions/system-login.xml.in302
1 files changed, 0 insertions, 302 deletions
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
deleted file mode 100644
index a2f8beead..000000000
--- a/interface-definitions/system-login.xml.in
+++ /dev/null
@@ -1,302 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="system">
- <children>
- <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py">
- <properties>
- <help>System User Login Configuration</help>
- <priority>400</priority>
- </properties>
- <children>
- <tagNode name="user">
- <properties>
- <help>Local user account information</help>
- <constraint>
- #include <include/constraint/login-username.xml.i>
- </constraint>
- <constraintErrorMessage>Username contains illegal characters or\nexceeds 100 character limitation.</constraintErrorMessage>
- </properties>
- <children>
- <node name="authentication">
- <properties>
- <help>Authentication settings</help>
- </properties>
- <children>
- <leafNode name="encrypted-password">
- <properties>
- <help>Encrypted password</help>
- <constraint>
- <regex>(\*|\!)</regex>
- <regex>[a-zA-Z0-9\.\/]{13}</regex>
- <regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex>
- <regex>\$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
- <regex>\$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
- </constraint>
- <constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage>
- </properties>
- <defaultValue>!</defaultValue>
- </leafNode>
- <node name="otp">
- <properties>
- <help>One-Time-Pad (two-factor) authentication parameters</help>
- </properties>
- <children>
- <leafNode name="rate-limit">
- <properties>
- <help>Limit number of logins (rate-limit) per rate-time</help>
- <valueHelp>
- <format>u32:1-10</format>
- <description>Number of attempts</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-10"/>
- </constraint>
- <constraintErrorMessage>Number of login attempts must me between 1 and 10</constraintErrorMessage>
- </properties>
- <defaultValue>3</defaultValue>
- </leafNode>
- <leafNode name="rate-time">
- <properties>
- <help>Limit number of logins (rate-limit) per rate-time</help>
- <valueHelp>
- <format>u32:15-600</format>
- <description>Time interval</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 15-600"/>
- </constraint>
- <constraintErrorMessage>Rate limit time interval must be between 15 and 600 seconds</constraintErrorMessage>
- </properties>
- <defaultValue>30</defaultValue>
- </leafNode>
- <leafNode name="window-size">
- <properties>
- <help>Set window of concurrently valid codes</help>
- <valueHelp>
- <format>u32:1-21</format>
- <description>Window size</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-21"/>
- </constraint>
- <constraintErrorMessage>Window of concurrently valid codes must be between 1 and 21</constraintErrorMessage>
- </properties>
- <defaultValue>3</defaultValue>
- </leafNode>
- <leafNode name="key">
- <properties>
- <help>Key/secret the token algorithm (see RFC4226)</help>
- <valueHelp>
- <format>txt</format>
- <description>Base32 encoded key/token</description>
- </valueHelp>
- <constraint>
- <regex>[a-zA-Z2-7]{26,10000}</regex>
- </constraint>
- <constraintErrorMessage>Key must only include base32 characters and be at least 26 characters long</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="plaintext-password">
- <properties>
- <help>Plaintext password used for encryption</help>
- </properties>
- </leafNode>
- <tagNode name="public-keys">
- <properties>
- <help>Remote access public keys</help>
- <valueHelp>
- <format>txt</format>
- <description>Key identifier used by ssh-keygen (usually of form user@host)</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="key">
- <properties>
- <help>Public key value (Base64 encoded)</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="options">
- <properties>
- <help>Optional public key options</help>
- </properties>
- </leafNode>
- <leafNode name="type">
- <properties>
- <help>SSH public key type</help>
- <completionHelp>
- <list>ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com</list>
- </completionHelp>
- <valueHelp>
- <format>ssh-dss</format>
- <description>Digital Signature Algorithm (DSA) key support</description>
- </valueHelp>
- <valueHelp>
- <format>ssh-rsa</format>
- <description>Key pair based on RSA algorithm</description>
- </valueHelp>
- <valueHelp>
- <format>ecdsa-sha2-nistp256</format>
- <description>Elliptic Curve DSA with NIST P-256 curve</description>
- </valueHelp>
- <valueHelp>
- <format>ecdsa-sha2-nistp384</format>
- <description>Elliptic Curve DSA with NIST P-384 curve</description>
- </valueHelp>
- <valueHelp>
- <format>ecdsa-sha2-nistp521</format>
- <description>Elliptic Curve DSA with NIST P-521 curve</description>
- </valueHelp>
- <valueHelp>
- <format>ssh-ed25519</format>
- <description>Edwards-curve DSA with elliptic curve 25519</description>
- </valueHelp>
- <valueHelp>
- <format>sk-ecdsa-sha2-nistp256@openssh.com</format>
- <description>Elliptic Curve DSA security key</description>
- </valueHelp>
- <valueHelp>
- <format>sk-ssh-ed25519@openssh.com</format>
- <description>Elliptic curve 25519 security key</description>
- </valueHelp>
- <constraint>
- <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- <leafNode name="full-name">
- <properties>
- <help>Full name of the user (use quotes for names with spaces)</help>
- <constraint>
- <regex>[^:]*</regex>
- </constraint>
- <constraintErrorMessage>Cannot use ':' in full name</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="home-directory">
- <properties>
- <help>Home directory</help>
- <valueHelp>
- <format>txt</format>
- <description>Path to home directory</description>
- </valueHelp>
- <constraint>
- <regex>\/$|(\/[a-zA-Z_0-9-.]+)+</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- #include <include/radius-server-ipv4-ipv6.xml.i>
- <node name="radius">
- <children>
- <tagNode name="server">
- <children>
- #include <include/radius-timeout.xml.i>
- <leafNode name="priority">
- <properties>
- <help>Server priority</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Server priority</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- <defaultValue>255</defaultValue>
- </leafNode>
- </children>
- </tagNode>
- #include <include/interface/vrf.xml.i>
- </children>
- </node>
- <node name="tacacs">
- <properties>
- <help>TACACS+ based user authentication</help>
- </properties>
- <children>
- <tagNode name="server">
- <properties>
- <help>TACACS+ server configuration</help>
- <valueHelp>
- <format>ipv4</format>
- <description>TACACS+ server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- #include <include/radius-server-key.xml.i>
- #include <include/port-number.xml.i>
- <leafNode name="port">
- <defaultValue>49</defaultValue>
- </leafNode>
- </children>
- </tagNode>
- #include <include/source-address-ipv4.xml.i>
- <leafNode name="security-mode">
- <properties>
- <help>Security mode for TACACS+ authentication</help>
- <completionHelp>
- <list>mandatory optional</list>
- </completionHelp>
- <valueHelp>
- <format>mandatory</format>
- <description>Deny access immediately if TACACS+ answers with REJECT</description>
- </valueHelp>
- <valueHelp>
- <format>optional</format>
- <description>Pass to the next authentication method if TACACS+ answers with REJECT</description>
- </valueHelp>
- <constraint>
- <regex>(mandatory|optional)</regex>
- </constraint>
- </properties>
- <defaultValue>optional</defaultValue>
- </leafNode>
- #include <include/radius-timeout.xml.i>
- #include <include/interface/vrf.xml.i>
- </children>
- </node>
- <leafNode name="max-login-session">
- <properties>
- <help>Maximum number of all login sessions</help>
- <valueHelp>
- <format>u32:1-65536</format>
- <description>Maximum number of all login sessions</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65536"/>
- </constraint>
- <constraintErrorMessage>Maximum logins must be between 1 and 65536</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="timeout">
- <properties>
- <help>Session timeout</help>
- <valueHelp>
- <format>u32:5-604800</format>
- <description>Session timeout in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 5-604800"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 5 and 604800 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>