1 <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
2 <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">module iana-crypt-hash {
3 namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash";
9 " Internet Assigned Numbers Authority
12 12025 Waterfront Drive, Suite 300
13 Los Angeles, CA 90094-2536
17 E-Mail: iana@iana.org>";
19 "This YANG module defines a type for storing passwords
20 using a hash function and features to indicate which hash
21 functions are supported by an implementation.
23 The latest revision of this YANG module can be obtained from
26 Requests for new values should be made to IANA via
27 email (iana@iana.org).
29 Copyright (c) 2014 IETF Trust and the persons identified as
30 authors of the code. All rights reserved.
32 Redistribution and use in source and binary forms, with or
33 without modification, is permitted pursuant to, and subject
34 to the license terms contained in, the Simplified BSD License
35 set forth in Section 4.c of the IETF Trust's Legal Provisions
36 Relating to IETF Documents
37 (http://trustee.ietf.org/license-info).
39 The initial version of this YANG module is part of RFC 7317;
40 see the RFC itself for full legal notices.";
46 "RFC 7317: A YANG Data Model for System Management";
49 feature crypt-hash-md5 {
51 "Indicates that the device supports the MD5
52 hash function in 'crypt-hash' values.";
54 "RFC 1321: The MD5 Message-Digest Algorithm";
57 feature crypt-hash-sha-256 {
59 "Indicates that the device supports the SHA-256
60 hash function in 'crypt-hash' values.";
62 "FIPS.180-4.2012: Secure Hash Standard (SHS)";
65 feature crypt-hash-sha-512 {
67 "Indicates that the device supports the SHA-512
68 hash function in 'crypt-hash' values.";
70 "FIPS.180-4.2012: Secure Hash Standard (SHS)";
75 pattern "$0$.*|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}|$5$(rounds=\\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}|$6$(rounds=\\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}";
78 "The crypt-hash type is used to store passwords using
79 a hash function. The algorithms for applying the hash
80 function and encoding the result are implemented in
81 various UNIX systems as the function crypt(3).
83 A value of this type matches one of the forms:
85 $0$<clear text password>
86 $<id>$<salt>$<password hash>
87 $<id>$<parameter>$<salt>$<password hash>
89 The '$0$' prefix signals that the value is clear text. When
90 such a value is received by the server, a hash value is
91 calculated, and the string '$<id>$<salt>$' or
92 $<id>$<parameter>$<salt>$ is prepended to the result. This
93 value is stored in the configuration data store.
94 If a value starting with '$<id>$', where <id> is not '0', is
95 received, the server knows that the value already represents a
96 hashed value and stores it 'as is' in the data store.
98 When a server needs to verify a password given by a user, it
99 finds the stored password hash string for that user, extracts
100 the salt, and calculates the hash with the salt and given
101 password as input. If the calculated hash value is the same
102 as the stored value, the password given by the client is
105 This type defines the following hash functions:
107 id | hash function | feature
108 ---+---------------+-------------------
109 1 | MD5 | crypt-hash-md5
110 5 | SHA-256 | crypt-hash-sha-256
111 6 | SHA-512 | crypt-hash-sha-512
113 The server indicates support for the different hash functions
114 by advertising the corresponding feature.";
116 "IEEE Std 1003.1-2008 - crypt() function
117 RFC 1321: The MD5 Message-Digest Algorithm
118 FIPS.180-4.2012: Secure Hash Standard (SHS)";