summaryrefslogtreecommitdiffstats
path: root/Schemas/CIM228/DMTF/Network/CIM_IEEE8021xSettings.mof
diff options
context:
space:
mode:
Diffstat (limited to 'Schemas/CIM228/DMTF/Network/CIM_IEEE8021xSettings.mof')
-rw-r--r--Schemas/CIM228/DMTF/Network/CIM_IEEE8021xSettings.mof210
1 files changed, 210 insertions, 0 deletions
diff --git a/Schemas/CIM228/DMTF/Network/CIM_IEEE8021xSettings.mof b/Schemas/CIM228/DMTF/Network/CIM_IEEE8021xSettings.mof
new file mode 100644
index 0000000..d19585c
--- /dev/null
+++ b/Schemas/CIM228/DMTF/Network/CIM_IEEE8021xSettings.mof
@@ -0,0 +1,210 @@
+// Copyright (c) 2009 DMTF. All rights reserved.
+ [Version ( "2.22.0" ),
+ UMLPackagePath ( "CIM::Network::IEEE8021x" ),
+ Description (
+ "IEEE8021xSettings specifies a set of IEEE 802.1x Port-Based "
+ "Network Access Control settings that can be applied to a ISO "
+ "OSI layer 2 ProtocolEndpoint." )]
+class CIM_IEEE8021xSettings : CIM_SettingData {
+
+ [Description (
+ "AuthenticationProtocol shall indicate the desired EAP "
+ "(Extensible Authentication Protocol) type.\n"
+ "\t* EAP-TLS (0): shall indicate that the desired EAP "
+ "type is the Transport Layer Security EAP type specified "
+ "in RFC 2716. If AuthenticationProtocol contains 0, "
+ "Username should not be null, ServerCertificateName and "
+ "ServerCertificateNameComparison may be null or not null, "
+ "and RoamingIdentity, Password, Domain, "
+ "ProtectedAccessCredential, PACPassword, and PSK should "
+ "be null.\n"
+ "\t* EAP-TTLS/MSCHAPv2 (1): shall indicate that the "
+ "desired EAP type is the Tunneled TLS Authentication "
+ "Protocol EAP type specified in "
+ "draft-ietf-pppext-eap-ttls, with Microsoft PPP CHAP "
+ "Extensions, Version 2 (MSCHAPv2) as the inner "
+ "authentication method. If AuthenticationProtocol "
+ "contains 1, Username and Password should not be null, "
+ "RoamingIdentity, ServerCertificateName, "
+ "ServerCertificateNameComparison, and Domain may be null "
+ "or not null, and ProtectedAccessCredential, PACPassword, "
+ "and PSK should be null.\n"
+ "\t* PEAPv0/EAP-MSCHAPv2 (2): shall indicate that the "
+ "desired EAP type is the Protected Extensible "
+ "Authentication Protocol (PEAP) Version 0 EAP type "
+ "specified in draft-kamath-pppext-peapv0, with Microsoft "
+ "PPP CHAP Extensions, Version 2 (MSCHAPv2) as the inner "
+ "authentication method. If AuthenticationProtocol "
+ "contains2, Username and Password should not be null, "
+ "RoamingIdentity, ServerCertificateName, "
+ "ServerCertificateNameComparison, and Domain may be null "
+ "or not null, and ProtectedAccessCredential, PACPassword, "
+ "and PSK should be null.\n"
+ "\t* PEAPv1/EAP-GTC (3): shall indicate that the desired "
+ "EAP type is the Protected Extensible Authentication "
+ "Protocol (PEAP) Version 1 EAP type specified in "
+ "draft-josefsson-pppext-eap-tls-eap, with Generic Token "
+ "Card (GTC) as the inner authentication method. If "
+ "AuthenticationProtocol contains 3, Username and Password "
+ "should not be null, RoamingIdentity, "
+ "ServerCertificateName, ServerCertificateNameComparison, "
+ "and Domain may be null or not null, and "
+ "ProtectedAccessCredential, PACPassword, and PSK should "
+ "be null.\n"
+ "\t* EAP-FAST/MSCHAPv2 (4): shall indicate that the "
+ "desired EAP type is the Flexible Authentication "
+ "Extensible Authentication Protocol EAP type specified in "
+ "IETF RFC 4851, with Microsoft PPP CHAP Extensions, "
+ "Version 2 (MSCHAPv2) as the inner authentication method. "
+ "If AuthenticationProtocol contains 4, Username and "
+ "Password should not be null, RoamingIdentity, "
+ "ServerCertificateName, ServerCertificateNameComparison, "
+ "Domain, ProtectedAccessCredential, and PACPassword may "
+ "be null or not null, and PSK should be null.\n"
+ "\t* EAP-FAST/GTC (5): shall indicate that the desired "
+ "EAP type is the Flexible Authentication Extensible "
+ "Authentication Protocol EAP type specified in IETF RFC "
+ "4851, with Generic Token Card (GTC) as the inner "
+ "authentication method. If AuthenticationProtocol "
+ "contains 5, Username and Password should not be null, "
+ "RoamingIdentity, ServerCertificateName, "
+ "ServerCertificateNameComparison, Domain, "
+ "ProtectedAccessCredential, and PACPassword may be null "
+ "or not null, and PSK should be null.\n"
+ "\t* EAP-MD5 (6): shall indicate that the desired EAP "
+ "type is the EAP MD5 authentication method, specified in "
+ "RFC 3748. If AuthenticationProtocol contains 6, Username "
+ "and Password should not be null, Domain may be null or "
+ "not null, and RoamingIdentity, ServerCertificateName, "
+ "ServerCertificateNameComparison, "
+ "ProtectedAccessCredential, PACPassword, and PSK should "
+ "be null.\n"
+ "\t* EAP-PSK (7): shall indicate that the desired EAP "
+ "type is the EAP-PSK (Pre-Shared Key) EAP type specified "
+ "in RFC 4764. If AuthenticationProtocol contains 7, "
+ "Username and PSK should not be null, Domain and "
+ "RoamingIdentity may be null or not null, and Password, "
+ "ServerCertificateName, ServerCertificateNameComparison, "
+ "ProtectedAccessCredential, and PACPassword should be null.\n"
+ "\t* EAP-SIM (8): shall indicate that the desired EAP "
+ "type is the Extensible Authentication Protocol Method "
+ "for Global System for Mobile Communications (GSM) "
+ "Subscriber Identity Modules (EAP-SIM), specified in RFC "
+ "4186. If AuthenticationProtocol contains 8, Username and "
+ "PSK should not be null, Domain and RoamingIdentity may "
+ "be null or not null, and Password, "
+ "ServerCertificateName, ServerCertificateNameComparison, "
+ "ProtectedAccessCredential, and PACPassword should be null.\n"
+ "\t* EAP-AKA (9): shall indicate that the desired EAP "
+ "type is the EAP Method for 3rd Generation Authentication "
+ "and Key Agreement (EAP-AKA), specified in RFC 4187. If "
+ "AuthenticationProtocol contains 9, Username and PSK "
+ "should not be null, Domain and RoamingIdentity may be "
+ "null or not null, and Password, ServerCertificateName, "
+ "ServerCertificateNameComparison, "
+ "ProtectedAccessCredential, and PACPassword should be null.\n"
+ "\t* EAP-FAST/TLS (10): shall indicate that the desired "
+ "EAP type is the Flexible Authentication EAP type "
+ "specified in IETF RFC 4851, with TLS as the inner "
+ "authentication method. If AuthenticationProtocol "
+ "contains 10, Username and Password should not be null, "
+ "RoamingIdentity, ServerCertificateName, "
+ "ServerCertificateNameComparison, Domain, "
+ "ProtectedAccessCredential, and PACPassword may be null "
+ "or not null, and PSK should be null." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "10", ".." },
+ Values { "EAP-TLS", "EAP-TTLS/MSCHAPv2",
+ "PEAPv0/EAP-MSCHAPv2", "PEAPv1/EAP-GTC",
+ "EAP-FAST/MSCHAPv2", "EAP-FAST/GTC", "EAP-MD5", "EAP-PSK",
+ "EAP-SIM", "EAP-AKA", "EAP-FAST/TLS", "DMTF Reserved" },
+ MappingStrings { "RFC4017.IETF", "RFC2716.IETF",
+ "draft-ietf-pppext-eap-ttls.IETF",
+ "draft-kamath-pppext-peapv0.IETF",
+ "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
+ "RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF",
+ "RFC4187.IETF" }]
+ uint16 AuthenticationProtocol;
+
+ [Description (
+ "A string presented to the authentication server in "
+ "802.1x protocol exchange. The AAA server determines the "
+ "format of this string. Formats supported by AAA servers "
+ "include: <domain>\\<username>, <username>@<domain>." )]
+ string RoamingIdentity;
+
+ [Description (
+ "The name that shall be compared against the subject name "
+ "field in the certificate provided by the AAA server. "
+ "Shall contain either the fully qualified domain name of "
+ "the AAA server, in which case "
+ "ServerCertificateNameComparison shall contain "
+ "\"FullName\", or the domain suffix of the AAA server, in "
+ "which case ServerCertificateNameComparison shall contain "
+ "\"DomainSuffix\"." ),
+ ModelCorrespondence {
+ "CIM_IEEE8021xSettings.ServerCertificateNameComparison" }]
+ string ServerCertificateName;
+
+ [Description (
+ "The comparison algorithm that shall be used by the "
+ "server to validate the subject name field of the "
+ "certificate presented by the AAA server against the "
+ "value of the ServerCertificateName property." ),
+ ValueMap { "1", "2", "3", ".." },
+ Values { "Other", "FullName", "DomainSuffix", "DMTF Reserved" },
+ ModelCorrespondence {
+ "CIM_IEEE8021xSettings.ServerCertificateName" }]
+ uint16 ServerCertificateNameComparison;
+
+ [Description (
+ "Identifies the user requesting access to the network." ),
+ MappingStrings { "RFC2716.IETF",
+ "draft-ietf-pppext-eap-ttls.IETF",
+ "draft-kamath-pppext-peapv0.IETF",
+ "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
+ "RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF",
+ "RFC4187.IETF" }]
+ string Username;
+
+ [Description (
+ "A password associated with the user identified by "
+ "Username within Domain." ),
+ MappingStrings { "draft-ietf-pppext-eap-ttls.IETF",
+ "draft-kamath-pppext-peapv0.IETF",
+ "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
+ "RFC3748.IETF" }]
+ string Password;
+
+ [Description (
+ "The domain (also known as realm) within which Username is unique."
+ ),
+ MappingStrings { "draft-ietf-pppext-eap-ttls.IETF",
+ "draft-kamath-pppext-peapv0.IETF",
+ "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF",
+ "RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF",
+ "RFC4187.IETF" }]
+ string Domain;
+
+ [Description (
+ "A credential used by the supplicant and AAA server to "
+ "establish a mutually authenticated encrypted tunnel for "
+ "confidential user authentication." ),
+ OctetString, MappingStrings { "RFC4851.IETF" }]
+ uint8 ProtectedAccessCredential[];
+
+ [Description (
+ "Optional password to extract the PAC (Protected Access "
+ "Credential) information from the PAC data." ),
+ MappingStrings { "RFC4851.IETF" }]
+ string PACPassword;
+
+ [Description (
+ "A pre-shared key used for pre-shared key EAP types such "
+ "as EAP-PSK, EAP-SIM, and EAP-AKA." ),
+ OctetString, MappingStrings { "RFC4764.IETF", "RFC4186.IETF",
+ "RFC4187.IETF" }]
+ uint8 PSK[];
+
+
+};