config UPDATE add missing CH augments to module
diff --git a/modules/libnetconf2-netconf-server.yang b/modules/libnetconf2-netconf-server.yang
index 0753522..8c62b9b 100644
--- a/modules/libnetconf2-netconf-server.yang
+++ b/modules/libnetconf2-netconf-server.yang
@@ -254,20 +254,26 @@
}
// CH auth-attempts and auth-timeout
- augment "/ncs:netconf-server/ncs:call-home/ncs:netconf-client/ncs:endpoints/ncs:endpoint/ncs:transport/ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication" {
+ augment "/ncs:netconf-server/ncs:call-home/ncs:netconf-client/ncs:endpoints/ncs:endpoint/ncs:transport/
+ ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication" {
leaf auth-attempts {
type uint16;
default 3;
+ description
+ "Represents the number of failed attempts before an authentication is deemed unsuccessful.";
}
leaf auth-timeout {
type uint16;
default 10;
units "seconds";
+ description
+ "Represents the maximum amount of seconds an authentication can go on for.";
}
}
- augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport/ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication/ncs:users/ncs:user" {
+ augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport/ncs:ssh/
+ ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication/ncs:users/ncs:user" {
container keyboard-interactive {
presence "";
leaf pam-config-file-name {
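Review bot: The call-home augment path at the top of this hunk is now split across two lines inside one double-quoted string, so the argument carries a line break and indentation between `ncs:transport/` and `ncs:ssh/`. The RFC 7950 grammar for a schema node identifier has no whitespace, so this depends on the parser being lenient; the portable form is concatenation, ending the first line with `ncs:transport/"` and starting the next with `+ "ncs:ssh/ncs:ssh/..."`. The same applies to the listen augment at the end of this hunk and to the call-home keyboard-interactive and CRL augments added in the two later hunks. Separately, `auth-attempts` and `auth-timeout` are unrestricted `uint16`, so 0 is a valid value; the new descriptions should say what 0 means, or the leaves should carry `range "1..max";`.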
@@ -277,10 +283,31 @@
leaf pam-config-file-dir {
type string;
}
+ description
+ "Keyboard interactive SSH authentication method.";
+ }
+ }
+
+ // CH KB int
+ augment "/ncs:netconf-server/ncs:call-home/ncs:netconf-client/ncs:endpoints/ncs:endpoint/ncs:transport/
+ ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication/ncs:users/ncs:user" {
+ container keyboard-interactive {
+ presence "";
+ leaf pam-config-file-name {
+ type string;
+ mandatory true;
+ }
+ leaf pam-config-file-dir {
+ type string;
+ }
+ description
+ "Keyboard interactive SSH authentication method.";
}
}
augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport" {
+ description
+ "Defines a new transport called UNIX socket.";
case unix-socket {
container unix-socket {
leaf path {
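Review bot: In the new call-home `keyboard-interactive` container, `pam-config-file-name` and `pam-config-file-dir` are plain `string` leaves with no `description` and no restriction, although (judging by their names) they select the PAM configuration that authenticates the user. Each leaf should get a description, for example `description "Name of the PAM configuration file used for keyboard-interactive authentication of this user.";`. If the name is meant to be a bare file name, `length "1..max";` together with `pattern '[^/]+';` would keep it from pointing outside the configured directory. `presence "";` is also left empty, where the argument is supposed to explain what the container's existence means. The container duplicates the listen one just above; a shared `grouping` used by both augments would keep the two from drifting apart.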
@@ -373,4 +400,48 @@
}
}
}
+
+ // CH CRL
+ augment "/ncs:netconf-server/ncs:call-home/ncs:netconf-client/ncs:endpoints/ncs:endpoint/ncs:transport/
+ ncs:tls/ncs:tls/ncs:tls-server-parameters/ncs:client-authentication" {
+ description
+ "Indicates that the Call Home TLS server is using a Certificate Revocation List
+ to authenticate clients or to deny access for certain certificates.
+ The given Certificate Revocation List must be PEM or DER encoded.";
+
+ reference
+ "RFC 5280:
+ Internet X.509 Public Key Infrastructure Certificate
+ and Certificate Revocation List (CRL) Profile";
+
+ choice certificate-revocation-list {
+ leaf crl-url {
+ type string;
+ description
+ "An URL from which the Certificate Revocation List will be
+ downloaded and used. The HTTP protocol works, but other
+ protocols, such as FTP, may work as well.";
+ }
+
+ leaf crl-path {
+ type string;
+ description
+ "A path to a Certificate Revocation List file.";
+ }
+
+ leaf crl-cert-ext {
+ type empty;
+ description
+ "Indicates that the Certificate Revocation List
+ Distribution Points extension will be used to fetch
+ Certificate Revocation Lists from. This will be done
+ for all the configured Certificate Authority certificates.";
+
+ reference
+ "RFC 5280:
+ Internet X.509 Public Key Infrastructure Certificate
+ and Certificate Revocation List (CRL) Profile, Section 4.2.1.13";
+ }
+ }
+ }
}
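Review bot: The descriptions in the new call-home CRL augment do not say what happens to a client when the configured CRL cannot be downloaded, read or parsed, which is the security-relevant part of a revocation setting. The `crl-url` text even points at plain HTTP and FTP, where a fetch is easy to block on the network path. I would add a sentence to the augment description stating the actual behaviour, along the lines of `If the Certificate Revocation List cannot be obtained, the client certificate is <rejected|accepted>.`, filled in from the implementation. `crl-url` is typed `string`; if `ietf-inet-types` is imported by this module (not visible in the hunk), `type inet:uri;` would reject malformed values at validation time.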