Cisco System Model: Classaaa:AuthMethod

Overview

Inheritance

Events

Faults

FSMs

Properties Summary

Properties Detail

Class aaa:AuthMethod (ABSTRACT)

Class ID:1005
Encrypted: false - Exportable: true - Persistent: true
Privileges: []
SNMP OID:

This MO represents generic Authentication configuration.

Naming Rules
DN FORMAT:

Inheritance

policy:Item The base class for all objects contained by policy:Definition. Though no containment rules are specified here, by convention policy:Item must be contained by either policy:Definition or another policy:Item.

├

aaa:Item

├

aaa:Config This MO represents generic AAA configuration. Though today it is used only for Authentication configuration, Accounting configuration could derive from this MO in future

├

aaa:AuthMethod

├

aaa:ConsoleAuth MO representing the Authentication configuration for Console Login

├

aaa:DefaultAuth MO representing the Default Authentication configuration for all logins

├

aaa:DomainAuth MO representing the Default Authentication configuration domain logins

Events

Faults
aaa:Config:servergroup

Fsms

Properties Summary

Defined in: aaa:Config
aaa:ProviderGroupName string:Basic	operProviderGroup (aaa:Config:operProviderGroup) The server group currently in use for authentication requests
aaa:Realm scalar:Enum8	operRealm (aaa:Config:operRealm) The realm currently in use for authentication/accounting requests
aaa:ProviderGroupName string:Basic	providerGroup (aaa:Config:providerGroup) This property specifies the name of ProviderGroup which will be used for for authentication/accounting.The usage of this property value depends on the value of 'realm' property above. When an value is provided for property, this would restrict the servers which will be tried. When no value is provided, then all the servers will be tried for the protocol realm configured in the 'realm' property above.
aaa:Realm scalar:Enum8	realm (aaa:Config:realm) The realm to be used for processing authentication/accounting requests
scalar:Bool	use2Factor (aaa:Config:use2Factor) This flag is to specify whether to use 2-factor for authentication.

Defined in: aaa:Item
naming:Descr string:Basic	descr (aaa:Item:descr) NO COMMENTS
naming:Name string:Basic	name (aaa:Item:name) NO COMMENTS

Defined in: mo:TopProps
mo:ModificationChildAction scalar:Bitmask32	childAction (mo:TopProps:childAction)
reference:Object	dn (mo:TopProps:dn) The Distinguished Name (dn) unambiguously identifies an object in the system. The dn provides a fully qualified path from the top of the object tree, all the way to the object. It is built as a sequence of relative names separated by the "/" character. For example: < ... dn = "sys/chassis-5/blade-2/adaptor-1" />
reference:RN	rn (mo:TopProps:rn) The Relative Name (rn) uniquely identifies an object within a given context. Note that a dn is comprised of a sequence of relative names. For example, the context "sys/chassis-1/blade-1/adaptor-1/host-eth-2" can be thought of as the following expression: dn = <root object>/{rn}/{rn}/{rn}/{rn}/{rn}. The rn can then be used to identify the object (for instance, "adaptor-1") within the context: <... rn ="../" />
mo:InstSaclType scalar:Bitmask8	sacl (mo:TopProps:sacl) The system acl property for each Managed Object. br/> This property is a 8 bit mask and supports the following values :- a: del b: mod c: addchild d: cascade By default all Managed Objects have the following permissions a: del b: mod c: addchild This property is persisted in the db. If this property has a value none it means, the user has read only permissions on this object.
mo:ModificationStatus scalar:Bitmask32	status (mo:TopProps:status) This property controls the life cycle of a managed object

Properties Detail

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null

Encrypted: false

Access: implicit

Category: TopLevelChildAction

Property Validators:

Comments:

Constants
deleteAll	16384u	NO COMMENTS
ignore	4096u	NO COMMENTS
deleteNonPresent	8192u	NO COMMENTS
DEFAULT	0	This type is used to

descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr

Units: null

Encrypted: false

Access: admin

Category: TopLevelRegular

Property Validators:
    Range:  min: "0"  max: "256"
        Allowed Chars:
            Regex: [a-zA-Z0-9\[\]!#$%()*+,-./:;@ _{|}˜?&]+

Comments:

NO COMMENTS

dn

Type: reference:Object

Units: null

Encrypted: false

Access: implicit

Category: TopLevelDn

Property Validators:

Comments:

The Distinguished Name (dn) unambiguously identifies an object in the system.
The dn provides a fully qualified path from the top of the object tree, all the way to the object. It is built as a sequence of relative names separated by the "/" character.
For example:
< ... dn = "sys/chassis-5/blade-2/adaptor-1" />

name

Type: naming:Name
Primitive Type: string:Basic

Like: naming:Named:name

Units: null

Encrypted: false

Access: admin

Category: TopLevelRegular

Property Validators:
    Range:  min: "0"  max: "16"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+

Comments:

NO COMMENTS

operProviderGroup

Type: aaa:ProviderGroupName
Primitive Type: string:Basic

Units: null

Encrypted: false

Access: implicit

Category: TopLevelRegular

Property Validators:
    Range:  min: "0"  max: "127"

Comments:

The server group currently in use for authentication requests

operRealm

Type: aaa:Realm
Primitive Type: scalar:Enum8

Units: null

Encrypted: false

Access: implicit

Category: TopLevelRegular

Property Validators:

Comments:

The realm currently in use for authentication/accounting requests

Constants
local	0	NO COMMENTS
radius	1	NO COMMENTS
tacacs	2	NO COMMENTS
ldap	3	NO COMMENTS
none	4	NO COMMENTS
DEFAULT	local(0)	NO COMMENTS

providerGroup

Type: aaa:ProviderGroupName
Primitive Type: string:Basic

Units: null

Encrypted: false

Access: admin

Category: TopLevelRegular

Property Validators:
    Range:  min: "0"  max: "127"

Comments:

This property specifies the name of ProviderGroup which will be used for for authentication/accounting.The usage of this property value depends on the value of 'realm' property above. When an value is provided for property, this would restrict the servers which will be tried. When no value is provided, then all the servers will be tried for the protocol realm configured in the 'realm' property above.

realm

Type: aaa:Realm
Primitive Type: scalar:Enum8

Units: null

Encrypted: false

Access: admin

Category: TopLevelRegular

Property Validators:

Comments:

The realm to be used for processing authentication/accounting requests

Constants
local	0	NO COMMENTS
radius	1	NO COMMENTS
tacacs	2	NO COMMENTS
ldap	3	NO COMMENTS
none	4	NO COMMENTS
DEFAULT	local(0)	NO COMMENTS

rn

Type: reference:RN

Units: null

Encrypted: false

Access: implicit

Category: TopLevelRn

Property Validators:

Comments:

The Relative Name (rn) uniquely identifies an object within a given context.
Note that a dn is comprised of a sequence of relative names. For example, the context "sys/chassis-1/blade-1/adaptor-1/host-eth-2" can be thought of as the following expression:
dn = <root object>/{rn}/{rn}/{rn}/{rn}/{rn}.
The rn can then be used to identify the object (for instance, "adaptor-1") within the context:
<... rn ="../" />

sacl

Type: mo:InstSaclType
Primitive Type: scalar:Bitmask8

Units: null

Encrypted: false

Access: implicit

Category: TopLevelSacl

Property Validators:

Comments:

The system acl property for each Managed Object. br/> This property is a 8 bit mask and supports the following values :-
a: del
b: mod
c: addchild
d: cascade

By default all Managed Objects have the following permissions
a: del
b: mod
c: addchild
This property is persisted in the db. If this property has a value none
it means, the user has read only permissions on this object.

Constants
none	0	NO COMMENTS
del	1	NO COMMENTS
mod	2	NO COMMENTS
addchild	4	NO COMMENTS
cascade	8	NO COMMENTS
DEFAULT	0	NO COMMENTS

status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null

Encrypted: false

Access: implicit

Category: TopLevelStatus

Property Validators:

Comments:

This property controls the life cycle of a managed object

Constants
removed	16u	In a setter method: specifies that an object should be removed. In the return value of a setter method: indicates that an object has been removed.
created	2u	In a setter method: specifies that an object should be created. An error is returned if the object already exists. In the return value of a setter method: indicates that an object has been created.
modified	4u	In a setter method: specifies that an object should be modified In the return value of a setter method: indicates that an object has been modified.
deleted	8u	In a setter method: specifies that an object should be deleted. In the return value of a setter method: indicates that an object has been deleted.
DEFAULT	0	This type controls the life cycle of objects passed in the XML API. When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed. In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed. When invoking a setter method, the ModificationStatus is optional: If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.