<module name="iana-crypt-hash"
        xmlns="urn:ietf:params:xml:ns:yang:yin:1"
        xmlns:ianach="urn:ietf:params:xml:ns:yang:iana-crypt-hash">
  <namespace uri="urn:ietf:params:xml:ns:yang:iana-crypt-hash"/>
  <prefix value="ianach"/>
  <organization>
    <text>IANA</text>
  </organization>
  <contact>
    <text>Internet Assigned Numbers Authority

    Postal: ICANN
            12025 Waterfront Drive, Suite 300
            Los Angeles, CA 90094-2536
            United States

    Tel:    +1 310 301 5800
    E-Mail: &lt;iana@iana.org&gt;</text>
  </contact>
  <description>
    <text>This YANG module defines a type for storing passwords
    using a hash function and features to indicate which hash
    functions are supported by an implementation.

    The latest revision of this YANG module can be obtained from
    the IANA web site.

    Requests for new values should be made to IANA via
    email (iana@iana.org).

    Copyright (c) 2014 IETF Trust and the persons identified as
    authors of the code. All rights reserved.

    Redistribution and use in source and binary forms, with or
    without modification, is permitted pursuant to, and subject
    to the license terms contained in, the Simplified BSD License
    set forth in Section 4.c of the IETF Trust's Legal Provisions
    Relating to IETF Documents
    (http://trustee.ietf.org/license-info).

    The initial version of this YANG module is part of RFC 7317;
    see the RFC itself for full legal notices.</text>
  </description>
  <revision date="2014-08-06">
    <description>
      <text>Initial revision.</text>
    </description>
    <reference>
      <text>RFC 7317: A YANG Data Model for System Management</text>
    </reference>
  </revision>
  <typedef name="crypt-hash">
    <type name="string">
      <pattern value="$0$.*|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}"/>
    </type>
    <description>
      <text>The crypt-hash type is used to store passwords using
      a hash function. The algorithms for applying the hash
      function and encoding the result are implemented in
      various UNIX systems as the function crypt(3).

      A value of this type matches one of the forms:

        $0$&lt;clear text password&gt;
        $&lt;id&gt;$&lt;salt&gt;$&lt;password hash&gt;
        $&lt;id&gt;$&lt;parameter&gt;$&lt;salt&gt;$&lt;password hash&gt;

      The '$0$' prefix signals that the value is clear text. When
      such a value is received by the server, a hash value is
      calculated, and the string '$&lt;id&gt;$&lt;salt&gt;$' or
      $&lt;id&gt;$&lt;parameter&gt;$&lt;salt&gt;$ is prepended to the result. This
      value is stored in the configuration data store.
      If a value starting with '$&lt;id&gt;$', where &lt;id&gt; is not '0', is
      received, the server knows that the value already represents a
      hashed value and stores it 'as is' in the data store.

      When a server needs to verify a password given by a user, it
      finds the stored password hash string for that user, extracts
      the salt, and calculates the hash with the salt and given
      password as input. If the calculated hash value is the same
      as the stored value, the password given by the client is
      accepted.

      This type defines the following hash functions:

        id | hash function | feature
        ---+---------------+-------------------
         1 | MD5           | crypt-hash-md5
         5 | SHA-256       | crypt-hash-sha-256
         6 | SHA-512       | crypt-hash-sha-512

      The server indicates support for the different hash functions
      by advertising the corresponding feature.</text>
    </description>
    <reference>
      <text>IEEE Std 1003.1-2008 - crypt() function
      RFC 1321: The MD5 Message-Digest Algorithm
      FIPS.180-4.2012: Secure Hash Standard (SHS)</text>
    </reference>
  </typedef>
  <feature name="crypt-hash-md5">
    <description>
      <text>Indicates that the device supports the MD5
      hash function in 'crypt-hash' values.</text>
    </description>
    <reference>
      <text>RFC 1321: The MD5 Message-Digest Algorithm</text>
    </reference>
  </feature>
  <feature name="crypt-hash-sha-256">
    <description>
      <text>Indicates that the device supports the SHA-256
      hash function in 'crypt-hash' values.</text>
    </description>
    <reference>
      <text>FIPS.180-4.2012: Secure Hash Standard (SHS)</text>
    </reference>
  </feature>
  <feature name="crypt-hash-sha-512">
    <description>
      <text>Indicates that the device supports the SHA-512
      hash function in 'crypt-hash' values.</text>
    </description>
    <reference>
      <text>FIPS.180-4.2012: Secure Hash Standard (SHS)</text>
    </reference>
  </feature>
</module>
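
Added example, not part of the IANA module or of the code base this file belongs to: a Python check that applies the crypt-hash pattern and the store rules from the typedef description ('$0$' is hashed before storing, any other id is stored as is). The names `classify`, `advertised` and `SAMPLES` are assumptions of this example, as is rejecting a hash whose feature the server has not advertised; the sample values are constructed.

```python
import re

# Python translation of the typedef's XSD pattern. In XSD regular expressions
# '$' is an ordinary character; in Python's re it is an anchor, so it is
# escaped here. XSD patterns match the whole value, hence fullmatch() below.
B64 = r"[a-zA-Z0-9./]"
FORMS = {
    # id: (pattern, hash function, feature name from the module's table)
    "1": (re.compile(rf"\$1\$(?P<salt>{B64}{{1,8}})\$(?P<hash>{B64}{{22}})"),
          "MD5", "crypt-hash-md5"),
    "5": (re.compile(rf"\$5\$(?:rounds=(?P<rounds>\d+)\$)?"
                     rf"(?P<salt>{B64}{{1,16}})\$(?P<hash>{B64}{{43}})"),
          "SHA-256", "crypt-hash-sha-256"),
    "6": (re.compile(rf"\$6\$(?:rounds=(?P<rounds>\d+)\$)?"
                     rf"(?P<salt>{B64}{{1,16}})\$(?P<hash>{B64}{{86}})"),
          "SHA-512", "crypt-hash-sha-512"),
}
CLEAR = re.compile(r"\$0\$(?P<password>.*)")


def classify(value, advertised):
    """Decide how a server handles an incoming crypt-hash value.

    `advertised` is the set of feature names the server supports
    (hypothetical parameter). Raises ValueError for rejected values.
    """
    m = CLEAR.fullmatch(value)
    if m:
        # '$0$': clear text. It must be hashed before it reaches the data store.
        return {"action": "hash-then-store", "password": m["password"]}
    for ident, (pattern, function, feature) in FORMS.items():
        m = pattern.fullmatch(value)
        if not m:
            continue
        if feature not in advertised:
            raise ValueError(f"{function} hash sent but {feature} not advertised")
        rounds = m.groupdict().get("rounds")
        return {"action": "store-as-is", "id": ident, "function": function,
                "salt": m["salt"], "rounds": int(rounds) if rounds else None}
    raise ValueError("value does not match the crypt-hash pattern")


# Constructed sample values; the hash parts are filler, not real digests.
SAMPLES = {
    "clear": "$0$correct horse",
    "sha512": "$6$rounds=10000$saltSALT$" + "A" * 86,
    "md5": "$1$abcdefgh$" + "B" * 22,
    "truncated": "$6$saltSALT$" + "A" * 85,
}
```

Copying the pattern unescaped into a Python or PCRE engine silently changes its meaning, because there '$' anchors the match instead of matching the separator.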