
  1 krisbash 1.1 // Copyright (c) 2010 DMTF.  All rights reserved.
  2                 [Version ( "2.27.0" ), 
  3                  UMLPackagePath ( "CIM::User::Account" ), 
  4                  Description ( 
  5                     "CIM_Account is the information held by a SecurityService to "
  6                     "track identity and privileges managed by that service. Common "
  7                     "examples of an Account are the entries in a UNIX /etc/passwd "
  8                     "file. Several kinds of security services use various "
  9                     "information from those entries - the /bin/login program uses "
 10                     "the account name (\'root\') and hashed password to "
 11                     "authenticate users, and the file service, for instance, uses "
 12                     "the UserID field (\'0\') and GroupID field (\'0\') to record "
 13                     "ownership and determine access control privileges on files in "
 14                     "the file system. This class is defined so as to incorporate "
 15                     "commonly-used LDAP attributes to permit implementations to "
 16                     "easily derive this information from LDAP-accessible "
 17                     "directories. \n"
 18                     "\n"
 19                     "The semantics of Account overlap with that of the class, "
 20                     "CIM_Identity. However, aspects of Account - such as its "
 21                     "specific tie to a System - are valuable and have been widely "
 22 krisbash 1.1        "implemented. For this reason, the Account and Identity classes "
 23                     "are associated using a subclass of LogicalIdentity "
 24                     "(AccountIdentity), instead of deprecating the Account class in "
 25                     "the CIM Schema. When an Account has been authenticated, the "
 26                     "corresponding Identity\'s TrustEstablished Boolean would be "
 27                     "set to TRUE. Then, the Identity class can be used as defined "
 28                     "for authorization purposes." )]
                  // CIM_Account models one account record kept by a security service.
                  // Instances are identified by the four Key properties below; the
                  // remaining properties carry LDAP-style identity attributes, the
                  // credential (UserPassword plus its algorithm/encoding descriptors)
                  // and password, lockout and inactivity policy values.
 29              class CIM_Account : CIM_EnabledLogicalElement {
 30              
                        // Keys: SystemCreationClassName and SystemName are propagated
                        // from CIM_System; together with CreationClassName and Name
                        // they identify an instance.
 31                    [Key, Description ( "The scoping System\'s CCN." ), 
 32                     MaxLen ( 256 ), 
 33                     Propagated ( "CIM_System.CreationClassName" )]
 34                 string SystemCreationClassName;
 35              
 36                    [Key, Description ( "The scoping System\'s Name." ), 
 37                     MaxLen ( 256 ), 
 38                     Propagated ( "CIM_System.Name" )]
 39                 string SystemName;
 40              
 41                    [Key, Description ( 
 42                        "CreationClassName indicates the name of the class or the "
 43 krisbash 1.1           "subclass used in the creation of an instance. When used "
 44                        "with the other key properties of this class, this "
 45                        "property allows all instances of this class and its "
 46                        "subclasses to be uniquely identified." ), 
 47                     MaxLen ( 256 )]
 48                 string CreationClassName;
 49              
 50                    [Key, Override ( "Name" ), 
 51                     Description ( 
 52                        "The Name property defines the label by which the object "
 53                        "is known. The value of this property may be set to be "
 54                        "the same as that of the UserID property or, in the case "
 55                        "of an LDAP-derived instance, the Name property value may "
 56                        "be set to the distinguishedName of the LDAP-accessed "
 57                        "object instance." ), 
 58                     MaxLen ( 1024 )]
 59                 string Name;
 60              
 61                    [Description ( 
 62                        "UserID is the value used by the SecurityService to "
 63                        "represent identity. For an authentication service, the "
 64 krisbash 1.1           "UserID may be the name of the user, or for an "
 65                        "authorization service the value which serves as a handle "
 66                        "to a mapping of the identity." ), 
 67                     MaxLen ( 256 )]
 68                 string UserID;
 69              
 70                    [Description ( 
 71                        "In the case of an LDAP-derived instance, the ObjectClass "
 72                        "property value(s) may be set to the objectClass "
 73                        "attribute values." )]
 74                 string ObjectClass[];
 75              
 76                    [Description ( 
 77                        "The Descriptions property values may contain "
 78                        "human-readable descriptions of the object. In the case "
 79                        "of an LDAP-derived instance, the description attribute "
 80                        "may have multiple values that, therefore, cannot be "
 81                        "placed in the inherited Description property." ), 
 82                     MaxLen ( 1024 )]
 83                 string Descriptions[];
 84              
 85 krisbash 1.1       [Description ( 
 86                        "Based on RFC1274, the host name of the system(s) for "
 87                        "which the account applies. The host name may be a "
 88                        "fully-qualified DNS name or it may be an unqualified "
 89                        "host name." )]
 90                 string Host[];
 91              
 92                    [Description ( 
 93                        "This property contains the name of a locality, such as a "
 94                        "city, county or other geographic region." )]
 95                 string LocalityName[];
 96              
                        // The only property in this class that carries the Required
                        // qualifier.
 97                    [Required, Description ( 
 98                        "The name of the organization related to the account." )]
 99                 string OrganizationName[];
100              
101                    [Description ( 
102                        "The name of an organizational unit related to the account."
103                         )]
104                 string OU[];
105              
106 krisbash 1.1       [Description ( 
107                        "In the case of an LDAP-derived instance, the SeeAlso "
108                        "property specifies distinguished name of other Directory "
109                        "objects which may be other aspects (in some sense) of "
110                        "the same real world object." )]
111                 string SeeAlso[];
112              
113                    [Description ( 
114                        "Based on inetOrgPerson and for directory compatibility, "
115                        "the UserCertificate property may be used to specify a "
116                        "public key certificate for the person." ), 
117                     OctetString]
118                 string UserCertificate[];
119              
                        // NOTE(review): credential-bearing property. The text below
                        // says "encrypted", but UserPasswordEncryptionAlgorithm allows
                        // 0 ("None"), in which case the contents are not encrypted.
                        // The UserPasswordEncryptionAlgorithm description requires an
                        // implementation to return a zero-length array wherever this
                        // value would be returned to a client; confirm the provider
                        // does so, and treat any message, log or trace that carries
                        // this property on create/modify as secret material.
120                    [Description ( 
121                        "In the case of an LDAP-derived instance, the "
122                        "UserPassword property may contain an encrypted password "
123                        "used to access the person\'s resources in a directory." ), 
124                     OctetString]
125                 string UserPassword[];
126              
                        // 0 means no password history is maintained, so earlier
                        // passwords are not excluded from reuse.
127 krisbash 1.1       [Description ( 
128                        "PasswordHistoryDepth indicates the number of previous "
129                        "passwords that shall be maintained for the Account. The "
130                        "Account shall preclude the selection of a password if it "
131                        "occurs in the password history. A value of zero shall "
132                        "indicate that a password history is not maintained." )]
133                 uint16 PasswordHistoryDepth;
134              
                        // Three encodings share one datetime: absolute expiry time,
                        // interval remaining, or NULL for "never expires"; a consumer
                        // has to tell them apart before comparing against a policy.
                        // NOTE(review): the text reads "as an absolute date-time as an
                        // interval"; presumably "an absolute date-time, an interval" is
                        // meant (compare InactivityTimeout).
135                    [Description ( 
136                        "PasswordExpiration indicates the maximum password age "
137                        "enforced for the Account. The value may be expressed as "
138                        "an absolute date-time as an interval, or may be NULL.\n"
139                        "An absolute date-time shall indicate the date and time "
140                        "when the password will expire.\n"
141                        "An interval value shall indicate the time remaining "
142                        "until the password expires.\n"
143                        "A value of NULL shall indicate the password never "
144                        "expires." )]
145                 datetime PasswordExpiration;
146              
                        // Array of rule kinds that the account enforces. Only the kind
                        // is recorded here; no threshold (for example the minimum
                        // length itself) is carried by this property. Values start at
                        // 2; 0x8000..0xFFFF is vendor reserved.
147                    [Description ( 
148 krisbash 1.1           "ComplexPasswordRulesEnforced indicates the rules for "
149                        "constructing a complex password enforced by the Account.\n"
150                        "Minimum Length a minimum length is enforced for "
151                        "passwords for the account.\n"
152                        "Preclude User ID inclusion precluding the password from "
153                        "including the user ID is supported. \n"
154                        "Maximum Repeating Characters a limit will be enforced on "
155                        "the number of times a character can occur consecutively. \n"
156                        "Lower Case Alpha at least one lower case alpha character "
157                        "is required. \n"
158                        "Upper Case Alpha at least one upper case alpha character "
159                        "is required. \n"
160                        "Numeric Character at least one numeric character is "
161                        "required. \n"
162                        "Special Character at least one special character is "
163                        "required." ), 
164                     ValueMap { "2", "3", "4", "5", "6", "7", "8", "..", 
165                        "0x8000..0xFFFF" }, 
166                     Values { "Minimum Length", "Preclude User ID Inclusion", 
167                        "Maximum Repeating Characters", "Lower Case Alpha", 
168                        "Upper Case Alpha", "Numeric Character", 
169 krisbash 1.1           "Special Character", "DMTF Reserved", "Vendor Reserved" }]
170                 uint16 ComplexPasswordRulesEnforced[];
171              
                        // NULL means the account is never disabled for inactivity.
                        // NOTE(review): the first sentence says the account is
                        // disabled, while the absolute/interval explanations say "the
                        // password" is disabled; presumably the Account is meant -
                        // confirm before building checks on this property.
172                    [Description ( 
173                        "InactivityTimeout specifies the interval after which if "
174                        "an account has been inactive, it shall be Disabled. The "
175                        "value may be expressed in interval format, as an "
176                        "absolute date-time, or be NULL.\n"
177                        "An absolute date-time shall indicate when the password "
178                        "will be disabled due to inactivity.\n"
179                        "An interval value shall indicate the time remaining "
180                        "before the password is disabled due to inactivity.\n"
181                        "A value of NULL shall indicate that the Account will not "
182                        "be disabled due to inactivity." )]
183                 datetime InactivityTimeout;
184              
                        // 0 means the account is never disabled for failed logins.
                        // Audit tooling should read 0 as "no lockout", not as a
                        // threshold of zero attempts.
185                    [Description ( 
186                        "MaximumSuccessiveLoginFailures indicates the number of "
187                        "successive failed login attempts that shall result in "
188                        "the Account being disabled. A value of zero shall "
189                        "indicate that the Account will not be disabled due to "
190 krisbash 1.1           "successive failed login attempts." )]
191                 uint16 MaximumSuccessiveLoginFailures;
192              
                        // Two special values: 99990101000000.000000+000 means "never
                        // used" and NULL means "unknown". Stale-account reports need
                        // to handle both before doing date arithmetic, otherwise the
                        // sentinel sorts as a far-future login.
                        // NOTE(review): "this Account.A value" lacks a space after the
                        // full stop.
193                    [Description ( 
194                        "LastLogin shall be an absolute date-time that specifies "
195                        "the last successful authentication that occurred for "
196                        "this Account.A value of 99990101000000.000000+000 shall "
197                        "indicate the Account has never been used. A value of "
198                        "NULL shall indicate the last successful login is "
199                        "unknown." )]
200                 datetime LastLogin;
201              
                        // Describes how the client transformed the password before
                        // placing it in UserPassword: 0 = not encrypted, 1 = described
                        // in OtherUserPasswordEncryptionAlgorithm, 2 = MD5 over the
                        // RFC 2617 A1 string (username ":" realm ":" passwd).
                        // NOTE(review): value 2 is a hash, not encryption. The A1 hash
                        // is the secret that HTTP Digest authentication is computed
                        // from, so it should be protected like the password itself,
                        // and MD5 gives little resistance to offline guessing if the
                        // value is disclosed. With value 0 the password is carried as
                        // is, so transport-layer protection (which the text below
                        // explicitly leaves in place) is the only protection in transit.
202                    [Description ( 
203                        "The encryption algorithm (if any) used by the client to "
204                        "produce the value in the UserPassword property when "
205                        "creating or modifying an instance of CIM_Account. The "
206                        "original password is encrypted using the algorithm "
207                        "specified in this property, and UserPassword contains "
208                        "the resulting encrypted value. In response to an "
209                        "operation request that would return the value of the "
210                        "UserPassword property to a client, an implementation "
211 krisbash 1.1           "shall instead return an array of length zero.\n"
212                        "The value of UserPasswordEncryptionAlgorithm in an "
213                        "instance of CIM_Account shall be 0 (\"None\") unless the "
214                        "SupportedUserPasswordEncryptionAlgorithms[] property in "
215                        "the CIM_AccountManagementCapabilities instance "
216                        "associated with the CIM_AccountManagementService "
217                        "instance associated with the CIM_Account instance "
218                        "contains a non-null entry other than 0 (\"None\").\n"
219                        "This property does not prevent the use of encryption at "
220                        "the transport, network, or data-link layer to protect "
221                        "communications between a management client and the "
222                        "server, nor is it meant to encourage communications "
223                        "without such encryption.\n"
224                        "The supported values for this property are:\n"
225                        "- 0 (\"None\"): Indicates that the contents of "
226                        "UserPassword are not encrypted.\n"
227                        "- 1 (\"Other\"): Indicates that the contents of "
228                        "UserPassword are encrypted using an algorithm not "
229                        "specifically identified in the value map for this "
230                        "property, and that this algorithm is described in OtherUserPasswordEncryptionAlgorithm.\n"
231                        "- 2 (\"HTTP Digest MD5(A1)\"): The MD5 hash algorithm, "
232 krisbash 1.1           "applied to the string A1 defined in RFC2617 as the "
233                        "concatenation username-value \":\" realm-value \":\" "
234                        "passwd, where username-value is provided by the client "
235                        "as the value of the UserID property. passwd is the "
236                        "underlying user password. realm-value is the HTTP digest "
237                        "realm value, and is provided by the server. The "
238                        "semantics of the HTTP digest realm are specified in RFC "
239                        "2617. The server may surface the realm-value in the "
240                        "UserPasswordEncryptionSalt property of "
241                        "CIM_AccountManagementCapabilities." ), 
242                     ValueMap { "0", "1", "2", ".." }, 
243                     Values { "None", "Other", "HTTP Digest MD5(A1)", 
244                        "DMTF Reserved" }, 
245                     ModelCorrespondence { "CIM_Account.UserPassword", 
246                        "CIM_Account.OtherUserPasswordEncryptionAlgorithm", 
247                        "CIM_AccountManagementCapabilities.SupportedUserPasswordEncryptionAlgorithms", 
248                        "CIM_AccountManagementCapabilities.UserPasswordEncryptionSalt" }]
249                 uint16 UserPasswordEncryptionAlgorithm;
250              
                        // Free-form text, meaningful only when
                        // UserPasswordEncryptionAlgorithm is 1 ("Other"). The schema
                        // places no constraint on its content, so a consumer cannot
                        // judge the algorithm's strength from this property alone.
251                    [Description ( 
252                        "If the UserPasswordEncryptionAlgorithm property is set "
253 krisbash 1.1           "to 1 (\"Other\") this property contains a free form "
254                        "string that provides more information about the "
255                        "encryption algorithm. If UserPasswordEncryptionAlgorithm "
256                        "is not set to 1 (\"Other\") this property has no "
257                        "meaning." ), 
258                     ModelCorrespondence { 
259                        "CIM_Account.UserPasswordEncryptionAlgorithm" }]
260                 string OtherUserPasswordEncryptionAlgorithm;
261              
                        // Character encoding of UserPassword, independent of
                        // UserPasswordEncryptionAlgorithm. The prose lists "kbd" before
                        // "ascii", but the numeric mapping is 2 = ascii, 3 = kbd; rely
                        // on ValueMap/Values, not on the order of the prose.
                        // NOTE(review): the text contains a "\r\n" after the first
                        // sentence and a "\r" escape inside the quoted name for ascii;
                        // both look like editing artefacts, and a parser that matches
                        // on the description text would see the carriage return.
262                    [Description ( 
263                        "UserPasswordEncoding specifies encoding used for the "
264                        "UserPassword property.\r\n"
265                        "\"kbd\" denotes a string in hexadecimal format "
266                        "containing keyboard scan code input. An example of a "
267                        "UserPassword structured in this format would be "
268                        "\"321539191E1F1F11181320\", which is the representation "
269                        "of \"my password\" in US English keyboard scan codes.\n"
270                        "\"\rascii\" denotes clear text that complies with the "
271                        "ASCII character set. An example would be \"my password\".\n"
272                        "\"pin\" denotes that only numeric input in ASCII text is "
273                        "allowed for the UserPassword. An example would be \"1234\".\n"
274 krisbash 1.1           "\"UTF-8\" denotes that the UserPassword is a Unicode "
275                        "string that is encoded using UTF-8 character set.\n"
276                        "\"UTF-16\" denotes that the UserPassword is a Unicode "
277                        "string that is encoded using UTF-16 character set. The "
278                        "byte order mark (BOM) shall be the first character of "
279                        "the string.\n"
280                        "\"UTF-16LE\" denotes that the UserPassword is a Unicode "
281                        "string that is encoded using UTF-16 character set in "
282                        "little-endian byte order.\n"
283                        "\"UTF-16BE\" denotes that the UserPassword is a Unicode "
284                        "string that is encoded using UTF-16 character set in "
285                        "big-endian byte order.\n"
286                        "\"UCS-2\" denotes that the UserPassword is a Unicode "
287                        "string that is encoded using UCS-2 character set." ), 
288                     ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "..", 
289                        "65536..4294967295" }, 
290                     Values { "ascii", "kbd", "pin", "UTF-8", "UTF-16", 
291                        "UTF-16LE", "UTF-16BE", "UCS-2", "DMTF Reserved", 
292                        "Vendor Reserved" }]
293                 uint32 UserPasswordEncoding;
294              
295 krisbash 1.1 
296              };
