diff options
Diffstat (limited to 'interface-definitions/system-login.xml.in')
-rw-r--r-- | interface-definitions/system-login.xml.in | 302 |
1 files changed, 0 insertions, 302 deletions
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in deleted file mode 100644 index be0145b4f..000000000 --- a/interface-definitions/system-login.xml.in +++ /dev/null @@ -1,302 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="system"> - <children> - <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py"> - <properties> - <help>System User Login Configuration</help> - <priority>400</priority> - </properties> - <children> - <tagNode name="user"> - <properties> - <help>Local user account information</help> - <constraint> - #include <include/constraint/login-username.xml.i> - </constraint> - <constraintErrorMessage>Username contains illegal characters or\nexceeds 100 character limitation.</constraintErrorMessage> - </properties> - <children> - <node name="authentication"> - <properties> - <help>Authentication settings</help> - </properties> - <children> - <leafNode name="encrypted-password"> - <properties> - <help>Encrypted password</help> - <constraint> - <regex>(\*|\!)</regex> - <regex>[a-zA-Z0-9\.\/]{13}</regex> - <regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex> - <regex>\$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex> - <regex>\$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex> - </constraint> - <constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage> - </properties> - <defaultValue>!</defaultValue> - </leafNode> - <node name="otp"> - <properties> - <help>One-Time-Pad (two-factor) authentication parameters</help> - </properties> - <children> - <leafNode name="rate-limit"> - <properties> - <help>Limit number of logins (rate-limit) per rate-time</help> - <valueHelp> - <format>u32:1-10</format> - <description>Number of attempts</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-10"/> - </constraint> - <constraintErrorMessage>Number of login attempts must me between 1 and 10</constraintErrorMessage> - </properties> - <defaultValue>3</defaultValue> - </leafNode> - <leafNode name="rate-time"> - <properties> - <help>Limit number of logins (rate-limit) per rate-time</help> - <valueHelp> - <format>u32:15-600</format> - <description>Time interval</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 15-600"/> - </constraint> - <constraintErrorMessage>Rate limit time interval must be between 15 and 600 seconds</constraintErrorMessage> - </properties> - <defaultValue>30</defaultValue> - </leafNode> - <leafNode name="window-size"> - <properties> - <help>Set window of concurrently valid codes</help> - <valueHelp> - <format>u32:1-21</format> - <description>Window size</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-21"/> - </constraint> - <constraintErrorMessage>Window of concurrently valid codes must be between 1 and 21</constraintErrorMessage> - </properties> - <defaultValue>3</defaultValue> - </leafNode> - <leafNode name="key"> - <properties> - <help>Key/secret the token algorithm (see RFC4226)</help> - <valueHelp> - <format>txt</format> - <description>Base32 encoded key/token</description> - </valueHelp> - <constraint> - <regex>[a-zA-Z2-7]{26,10000}</regex> - </constraint> - <constraintErrorMessage>Key must only include base32 characters and be at least 26 characters long</constraintErrorMessage> - </properties> - </leafNode> - </children> - </node> - <leafNode name="plaintext-password"> - <properties> - <help>Plaintext password used for encryption</help> - </properties> - </leafNode> - <tagNode name="public-keys"> - <properties> - <help>Remote access public keys</help> - <valueHelp> - <format>txt</format> - <description>Key identifier used by ssh-keygen (usually of form user@host)</description> - </valueHelp> - </properties> - <children> - <leafNode name="key"> - <properties> - <help>Public key value (Base64 encoded)</help> - <constraint> - <validator name="base64"/> - </constraint> - </properties> - </leafNode> - <leafNode name="options"> - <properties> - <help>Optional public key options</help> - </properties> - </leafNode> - <leafNode name="type"> - <properties> - <help>SSH public key type</help> - <completionHelp> - <list>ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com</list> - </completionHelp> - <valueHelp> - <format>ssh-dss</format> - <description>Digital Signature Algorithm (DSA) key support</description> - </valueHelp> - <valueHelp> - <format>ssh-rsa</format> - <description>Key pair based on RSA algorithm</description> - </valueHelp> - <valueHelp> - <format>ecdsa-sha2-nistp256</format> - <description>Elliptic Curve DSA with NIST P-256 curve</description> - </valueHelp> - <valueHelp> - <format>ecdsa-sha2-nistp384</format> - <description>Elliptic Curve DSA with NIST P-384 curve</description> - </valueHelp> - <valueHelp> - <format>ecdsa-sha2-nistp521</format> - <description>Elliptic Curve DSA with NIST P-521 curve</description> - </valueHelp> - <valueHelp> - <format>ssh-ed25519</format> - <description>Edwards-curve DSA with elliptic curve 25519</description> - </valueHelp> - <valueHelp> - <format>sk-ecdsa-sha2-nistp256@openssh.com</format> - <description>Elliptic Curve DSA security key</description> - </valueHelp> - <valueHelp> - <format>sk-ssh-ed25519@openssh.com</format> - <description>Elliptic curve 25519 security key</description> - </valueHelp> - <constraint> - <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)</regex> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - </children> - </node> - <leafNode name="full-name"> - <properties> - <help>Full name of the user (use quotes for names with spaces)</help> - <constraint> - <regex>[^:]*</regex> - </constraint> - <constraintErrorMessage>Cannot use ':' in full name</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="home-directory"> - <properties> - <help>Home directory</help> - <valueHelp> - <format>txt</format> - <description>Path to home directory</description> - </valueHelp> - <constraint> - <regex>\/$|(\/[a-zA-Z_0-9-.]+)+</regex> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - #include <include/radius-server-ipv4-ipv6.xml.i> - <node name="radius"> - <children> - <tagNode name="server"> - <children> - #include <include/radius-timeout.xml.i> - <leafNode name="priority"> - <properties> - <help>Server priority</help> - <valueHelp> - <format>u32:1-255</format> - <description>Server priority</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - <defaultValue>255</defaultValue> - </leafNode> - </children> - </tagNode> - #include <include/interface/vrf.xml.i> - </children> - </node> - <node name="tacacs"> - <properties> - <help>TACACS+ based user authentication</help> - </properties> - <children> - <tagNode name="server"> - <properties> - <help>TACACS+ server configuration</help> - <valueHelp> - <format>ipv4</format> - <description>TACACS+ server IPv4 address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - <children> - #include <include/generic-disable-node.xml.i> - #include <include/radius-server-key.xml.i> - #include <include/port-number.xml.i> - <leafNode name="port"> - <defaultValue>49</defaultValue> - </leafNode> - </children> - </tagNode> - <leafNode name="security-mode"> - <properties> - <help>Security mode for TACACS+ authentication</help> - <completionHelp> - <list>mandatory optional</list> - </completionHelp> - <valueHelp> - <format>mandatory</format> - <description>Deny access immediately if TACACS+ answers with REJECT</description> - </valueHelp> - <valueHelp> - <format>optional</format> - <description>Pass to the next authentication method if TACACS+ answers with REJECT</description> - </valueHelp> - <constraint> - <regex>(mandatory|optional)</regex> - </constraint> - </properties> - <defaultValue>optional</defaultValue> - </leafNode> - #include <include/source-address-ipv4.xml.i> - #include <include/radius-timeout.xml.i> - #include <include/interface/vrf.xml.i> - </children> - </node> - <leafNode name="max-login-session"> - <properties> - <help>Maximum number of all login sessions</help> - <valueHelp> - <format>u32:1-65536</format> - <description>Maximum number of all login sessions</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65536"/> - </constraint> - <constraintErrorMessage>Maximum logins must be between 1 and 65536</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="timeout"> - <properties> - <help>Session timeout</help> - <valueHelp> - <format>u32:5-604800</format> - <description>Session timeout in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 5-604800"/> - </constraint> - <constraintErrorMessage>Timeout must be between 5 and 604800 seconds</constraintErrorMessage> - </properties> - </leafNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> |