From 4ef110fd2c501b718344c72d495ad7e16d2bd465 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 30 Dec 2023 23:25:20 +0100 Subject: T5474: establish common file name pattern for XML conf mode commands We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in
---
interface-definitions/system_login.xml.in | 302 ++++++++++++++++++++++++++++++ 1 file changed, 302 insertions(+) create mode 100644 interface-definitions/system_login.xml.in (limited to 'interface-definitions/system_login.xml.in')
diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in
new file mode 100644
index 000000000..44e1a7a92
--- /dev/null
+++ b/interface-definitions/system_login.xml.in
@@ -0,0 +1,302 @@ + + + + + + + System User Login Configuration + 400 + + + + + Local user account information + + #include + + Username contains illegal characters or\nexceeds 100 character limitation. + + + + + Authentication settings + + + + + Encrypted password + + (\*|\!) + [a-zA-Z0-9\.\/]{13} + \$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22} + \$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43} + \$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86} + + Invalid encrypted password for $VAR(../../@). + + ! + + + + One-Time-Pad (two-factor) authentication parameters + + + + + Limit number of logins (rate-limit) per rate-time + + u32:1-10 + Number of attempts + + + + + Number of login attempts must me between 1 and 10 + + 3 + + + + Limit number of logins (rate-limit) per rate-time + + u32:15-600 + Time interval + + + + + Rate limit time interval must be between 15 and 600 seconds + + 30 + + + + Set window of concurrently valid codes + + u32:1-21 + Window size + + + + + Window of concurrently valid codes must be between 1 and 21 + + 3 + + + + Key/secret the token algorithm (see RFC4226) + + txt + Base32 encoded key/token + + + [a-zA-Z2-7]{26,10000} + + Key must only include base32 characters and be at least 26 characters long + + + + + + + Plaintext password used for encryption + + + + + Remote access public keys + + txt + Key identifier used by ssh-keygen (usually of form user@host) + + + + + + Public key value (Base64 encoded) + + + + + + + + Optional public key options + + + + + SSH public key type + + ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com + + + ssh-dss + Digital Signature Algorithm (DSA) key support + + + ssh-rsa + Key pair based on RSA algorithm + + + ecdsa-sha2-nistp256 + Elliptic Curve DSA with NIST P-256 curve + + + ecdsa-sha2-nistp384 + Elliptic Curve DSA with NIST P-384 curve + + + ecdsa-sha2-nistp521 + Elliptic Curve DSA with NIST P-521 
curve + + + ssh-ed25519 + Edwards-curve DSA with elliptic curve 25519 + + + sk-ecdsa-sha2-nistp256@openssh.com + Elliptic Curve DSA security key + + + sk-ssh-ed25519@openssh.com + Elliptic curve 25519 security key + + + (ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) + + + + + + + + + + Full name of the user (use quotes for names with spaces) + + [^:]* + + Cannot use ':' in full name + + + + + Home directory + + txt + Path to home directory + + + \/$|(\/[a-zA-Z_0-9-.]+)+ + + + + + + #include + + + + + #include + + + Server priority + + u32:1-255 + Server priority + + + + + + 255 + + + + #include + + + + + TACACS+ based user authentication + + + + + TACACS+ server configuration + + ipv4 + TACACS+ server IPv4 address + + + + + + + #include + #include + #include + + 49 + + + + #include + + + Security mode for TACACS+ authentication + + mandatory optional + + + mandatory + Deny access immediately if TACACS+ answers with REJECT + + + optional + Pass to the next authentication method if TACACS+ answers with REJECT + + + (mandatory|optional) + + + optional + + #include + #include + + + + + Maximum number of all login sessions + + u32:1-65536 + Maximum number of all login sessions + + + + + Maximum logins must be between 1 and 65536 + + + + + Session timeout + + u32:5-604800 + Session timeout in seconds + + + + + Timeout must be between 5 and 604800 seconds + + + + + + + -- cgit v1.2.3
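Review bot: The home-directory constraint `\/$|(\/[a-zA-Z_0-9-.]+)+` allows `.` anywhere in a path component, so a value built from dot segments such as `/home/../etc` passes validation. The Python helper that consumes the value is not part of this patch, so if it does not normalise the path itself this pattern is the only guard; changing the second alternative to `(\/[a-zA-Z_0-9-][a-zA-Z_0-9-.]*)+` rejects `.` and `..` components, at the cost of also rejecting directory names that begin with a dot. Separately, the encrypted-password patterns still accept 13-character DES crypt and `$1$` MD5-crypt hashes, and the key type list still offers `ssh-dss`; if these are kept for compatibility with existing configurations, a comment in the definition saying so would mark them as legacy rather than recommended. The constraint message `Number of login attempts must me between 1 and 10` should read `must be`.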