212 lines
11 KiB
Plaintext
212 lines
11 KiB
Plaintext
// Copyright (c) 2009 DMTF. All rights reserved.
|
|
[Version ( "2.22.0" ),
|
|
UMLPackagePath ( "CIM::Network::IEEE8021x" ),
|
|
Description (
|
|
"IEEE8021xSettings specifies a set of IEEE 802.1x Port-Based "
|
|
"Network Access Control settings that can be applied to a ISO "
|
|
"OSI layer 2 ProtocolEndpoint." )]
|
|
class CIM_IEEE8021xSettings : CIM_SettingData {
|
|
|
|
[Description (
|
|
"AuthenticationProtocol shall indicate the desired EAP "
|
|
"(Extensible Authentication Protocol) type.\n"
|
|
"\t* EAP-TLS (0): shall indicate that the desired EAP "
|
|
"type is the Transport Layer Security EAP type specified "
|
|
"in RFC 2716. If AuthenticationProtocol contains 0, "
|
|
"Username should not be null, ServerCertificateName and "
|
|
"ServerCertificateNameComparison may be null or not null, "
|
|
"and RoamingIdentity, Password, Domain, "
|
|
"ProtectedAccessCredential, PACPassword, and PSK should "
|
|
"be null.\n"
|
|
"\t* EAP-TTLS/MSCHAPv2 (1): shall indicate that the "
|
|
"desired EAP type is the Tunneled TLS Authentication "
|
|
"Protocol EAP type specified in "
|
|
"draft-ietf-pppext-eap-ttls, with Microsoft PPP CHAP "
|
|
"Extensions, Version 2 (MSCHAPv2) as the inner "
|
|
"authentication method. If AuthenticationProtocol "
|
|
"contains 1, Username and Password should not be null, "
|
|
"RoamingIdentity, ServerCertificateName, "
|
|
"ServerCertificateNameComparison, and Domain may be null "
|
|
"or not null, and ProtectedAccessCredential, PACPassword, "
|
|
"and PSK should be null.\n"
|
|
"\t* PEAPv0/EAP-MSCHAPv2 (2): shall indicate that the "
|
|
"desired EAP type is the Protected Extensible "
|
|
"Authentication Protocol (PEAP) Version 0 EAP type "
|
|
"specified in draft-kamath-pppext-peapv0, with Microsoft "
|
|
"PPP CHAP Extensions, Version 2 (MSCHAPv2) as the inner "
|
|
"authentication method. If AuthenticationProtocol "
|
|
"contains2, Username and Password should not be null, "
|
|
"RoamingIdentity, ServerCertificateName, "
|
|
"ServerCertificateNameComparison, and Domain may be null "
|
|
"or not null, and ProtectedAccessCredential, PACPassword, "
|
|
"and PSK should be null.\n"
|
|
"\t* PEAPv1/EAP-GTC (3): shall indicate that the desired "
|
|
"EAP type is the Protected Extensible Authentication "
|
|
"Protocol (PEAP) Version 1 EAP type specified in "
|
|
"draft-josefsson-pppext-eap-tls-eap, with Generic Token "
|
|
"Card (GTC) as the inner authentication method. If "
|
|
"AuthenticationProtocol contains 3, Username and Password "
|
|
"should not be null, RoamingIdentity, "
|
|
"ServerCertificateName, ServerCertificateNameComparison, "
|
|
"and Domain may be null or not null, and "
|
|
"ProtectedAccessCredential, PACPassword, and PSK should "
|
|
"be null.\n"
|
|
"\t* EAP-FAST/MSCHAPv2 (4): shall indicate that the "
|
|
"desired EAP type is the Flexible Authentication "
|
|
"Extensible Authentication Protocol EAP type specified in "
|
|
"IETF RFC 4851, with Microsoft PPP CHAP Extensions, "
|
|
"Version 2 (MSCHAPv2) as the inner authentication method. "
|
|
"If AuthenticationProtocol contains 4, Username and "
|
|
"Password should not be null, RoamingIdentity, "
|
|
"ServerCertificateName, ServerCertificateNameComparison, "
|
|
"Domain, ProtectedAccessCredential, and PACPassword may "
|
|
"be null or not null, and PSK should be null.\n"
|
|
"\t* EAP-FAST/GTC (5): shall indicate that the desired "
|
|
"EAP type is the Flexible Authentication Extensible "
|
|
"Authentication Protocol EAP type specified in IETF RFC "
|
|
"4851, with Generic Token Card (GTC) as the inner "
|
|
"authentication method. If AuthenticationProtocol "
|
|
"contains 5, Username and Password should not be null, "
|
|
"RoamingIdentity, ServerCertificateName, "
|
|
"ServerCertificateNameComparison, Domain, "
|
|
"ProtectedAccessCredential, and PACPassword may be null "
|
|
"or not null, and PSK should be null.\n"
|
|
"\t* EAP-MD5 (6): shall indicate that the desired EAP "
|
|
"type is the EAP MD5 authentication method, specified in "
|
|
"RFC 3748. If AuthenticationProtocol contains 6, Username "
|
|
"and Password should not be null, Domain may be null or "
|
|
"not null, and RoamingIdentity, ServerCertificateName, "
|
|
"ServerCertificateNameComparison, "
|
|
"ProtectedAccessCredential, PACPassword, and PSK should "
|
|
"be null.\n"
|
|
"\t* EAP-PSK (7): shall indicate that the desired EAP "
|
|
"type is the EAP-PSK (Pre-Shared Key) EAP type specified "
|
|
"in RFC 4764. If AuthenticationProtocol contains 7, "
|
|
"Username and PSK should not be null, Domain and "
|
|
"RoamingIdentity may be null or not null, and Password, "
|
|
"ServerCertificateName, ServerCertificateNameComparison, "
|
|
"ProtectedAccessCredential, and PACPassword should be null.\n"
|
|
"\t* EAP-SIM (8): shall indicate that the desired EAP "
|
|
"type is the Extensible Authentication Protocol Method "
|
|
"for Global System for Mobile Communications (GSM) "
|
|
"Subscriber Identity Modules (EAP-SIM), specified in RFC "
|
|
"4186. If AuthenticationProtocol contains 8, Username and "
|
|
"PSK should not be null, Domain and RoamingIdentity may "
|
|
"be null or not null, and Password, "
|
|
"ServerCertificateName, ServerCertificateNameComparison, "
|
|
"ProtectedAccessCredential, and PACPassword should be null.\n"
|
|
"\t* EAP-AKA (9): shall indicate that the desired EAP "
|
|
"type is the EAP Method for 3rd Generation Authentication "
|
|
"and Key Agreement (EAP-AKA), specified in RFC 4187. If "
|
|
"AuthenticationProtocol contains 9, Username and PSK "
|
|
"should not be null, Domain and RoamingIdentity may be "
|
|
"null or not null, and Password, ServerCertificateName, "
|
|
"ServerCertificateNameComparison, "
|
|
"ProtectedAccessCredential, and PACPassword should be null.\n"
|
|
"\t* EAP-FAST/TLS (10): shall indicate that the desired "
|
|
"EAP type is the Flexible Authentication EAP type "
|
|
"specified in IETF RFC 4851, with TLS as the inner "
|
|
"authentication method. If AuthenticationProtocol "
|
|
"contains 10, Username and Password should not be null, "
|
|
"RoamingIdentity, ServerCertificateName, "
|
|
"ServerCertificateNameComparison, Domain, "
|
|
"ProtectedAccessCredential, and PACPassword may be null "
|
|
"or not null, and PSK should be null." ),
|
|
ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
|
|
"10", ".." },
|
|
Values { "EAP-TLS", "EAP-TTLS/MSCHAPv2",
|
|
"PEAPv0/EAP-MSCHAPv2", "PEAPv1/EAP-GTC",
|
|
"EAP-FAST/MSCHAPv2", "EAP-FAST/GTC", "EAP-MD5", "EAP-PSK",
|
|
"EAP-SIM", "EAP-AKA", "EAP-FAST/TLS", "DMTF Reserved" },
|
|
MappingStrings { "RFC4017.IETF", "RFC2716.IETF",
|
|
"draft-ietf-pppext-eap-ttls.IETF",
|
|
"draft-kamath-pppext-peapv0.IETF",
|
|
"draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
|
|
"RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF",
|
|
"RFC4187.IETF" }]
|
|
uint16 AuthenticationProtocol;
|
|
|
|
[Description (
|
|
"A string presented to the authentication server in "
|
|
"802.1x protocol exchange. The AAA server determines the "
|
|
"format of this string. Formats supported by AAA servers "
|
|
"include: <domain>\\<username>, <username>@<domain>." )]
|
|
string RoamingIdentity;
|
|
|
|
[Description (
|
|
"The name that shall be compared against the subject name "
|
|
"field in the certificate provided by the AAA server. "
|
|
"Shall contain either the fully qualified domain name of "
|
|
"the AAA server, in which case "
|
|
"ServerCertificateNameComparison shall contain "
|
|
"\"FullName\", or the domain suffix of the AAA server, in "
|
|
"which case ServerCertificateNameComparison shall contain "
|
|
"\"DomainSuffix\"." ),
|
|
ModelCorrespondence {
|
|
"CIM_IEEE8021xSettings.ServerCertificateNameComparison" }]
|
|
string ServerCertificateName;
|
|
|
|
[Description (
|
|
"The comparison algorithm that shall be used by the "
|
|
"server to validate the subject name field of the "
|
|
"certificate presented by the AAA server against the "
|
|
"value of the ServerCertificateName property." ),
|
|
ValueMap { "1", "2", "3", ".." },
|
|
Values { "Other", "FullName", "DomainSuffix", "DMTF Reserved" },
|
|
ModelCorrespondence {
|
|
"CIM_IEEE8021xSettings.ServerCertificateName" }]
|
|
uint16 ServerCertificateNameComparison;
|
|
|
|
[Description (
|
|
"Identifies the user requesting access to the network." ),
|
|
MappingStrings { "RFC2716.IETF",
|
|
"draft-ietf-pppext-eap-ttls.IETF",
|
|
"draft-kamath-pppext-peapv0.IETF",
|
|
"draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
|
|
"RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF",
|
|
"RFC4187.IETF" },
|
|
MaxLen ( 512 )]
|
|
string Username;
|
|
|
|
[Description (
|
|
"A password associated with the user identified by "
|
|
"Username within Domain." ),
|
|
MappingStrings { "draft-ietf-pppext-eap-ttls.IETF",
|
|
"draft-kamath-pppext-peapv0.IETF",
|
|
"draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
|
|
"RFC3748.IETF" }]
|
|
string Password;
|
|
|
|
[Description (
|
|
"The domain (also known as realm) within which Username is unique."
|
|
),
|
|
MappingStrings { "draft-ietf-pppext-eap-ttls.IETF",
|
|
"draft-kamath-pppext-peapv0.IETF",
|
|
"draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
|
|
"RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF",
|
|
"RFC4187.IETF" }]
|
|
string Domain;
|
|
|
|
[Description (
|
|
"A credential used by the supplicant and AAA server to "
|
|
"establish a mutually authenticated encrypted tunnel for "
|
|
"confidential user authentication." ),
|
|
OctetString, MappingStrings { "RFC4851.IETF" }]
|
|
uint8 ProtectedAccessCredential[];
|
|
|
|
[Description (
|
|
"Optional password to extract the PAC (Protected Access "
|
|
"Credential) information from the PAC data." ),
|
|
MappingStrings { "RFC4851.IETF" }]
|
|
string PACPassword;
|
|
|
|
[Description (
|
|
"A pre-shared key used for pre-shared key EAP types such "
|
|
"as EAP-PSK, EAP-SIM, and EAP-AKA." ),
|
|
OctetString, MappingStrings { "RFC4764.IETF", "RFC4186.IETF",
|
|
"RFC4187.IETF" }]
|
|
uint8 PSK[];
|
|
|
|
|
|
};
|