Return to
CIM_Account.mof
CVS log
Up to [OMI] / omi / share / networkschema
|
Return to
CIM_Account.mof
CVS log
|
Up to [OMI] / omi / share / networkschema
|
|
File: [OMI] / omi / share / networkschema / CIM_Account.mof
(download)
Revision: 1.1, Mon Apr 20 17:20:13 2015 UTC (9 years, 2 months ago) by krisbash Branch: MAIN CVS Tags: OMI_1_0_8_2, OMI_1_0_8_1, HEAD OMI 1.0.8-1 |
// Copyright (c) 2010 DMTF. All rights reserved.
[Version ( "2.27.0" ),
UMLPackagePath ( "CIM::User::Account" ),
Description (
"CIM_Account is the information held by a SecurityService to "
"track identity and privileges managed by that service. Common "
"examples of an Account are the entries in a UNIX /etc/passwd "
"file. Several kinds of security services use various "
"information from those entries - the /bin/login program uses "
"the account name (\'root\') and hashed password to "
"authenticate users, and the file service, for instance, uses "
"the UserID field (\'0\') and GroupID field (\'0\') to record "
"ownership and determine access control privileges on files in "
"the file system. This class is defined so as to incorporate "
"commonly-used LDAP attributes to permit implementations to "
"easily derive this information from LDAP-accessible "
"directories. \n"
"\n"
"The semantics of Account overlap with that of the class, "
"CIM_Identity. However, aspects of Account - such as its "
"specific tie to a System - are valuable and have been widely "
"implemented. For this reason, the Account and Identity classes "
"are associated using a subclass of LogicalIdentity "
"(AccountIdentity), instead of deprecating the Account class in "
"the CIM Schema. When an Account has been authenticated, the "
"corresponding Identity\'s TrustEstablished Boolean would be "
"set to TRUE. Then, the Identity class can be used as defined "
"for authorization purposes." )]
class CIM_Account : CIM_EnabledLogicalElement {
[Key, Description ( "The scoping System\'s CCN." ),
MaxLen ( 256 ),
Propagated ( "CIM_System.CreationClassName" )]
string SystemCreationClassName;
[Key, Description ( "The scoping System\'s Name." ),
MaxLen ( 256 ),
Propagated ( "CIM_System.Name" )]
string SystemName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this "
"property allows all instances of this class and its "
"subclasses to be uniquely identified." ),
MaxLen ( 256 )]
string CreationClassName;
[Key, Override ( "Name" ),
Description (
"The Name property defines the label by which the object "
"is known. The value of this property may be set to be "
"the same as that of the UserID property or, in the case "
"of an LDAP-derived instance, the Name property value may "
"be set to the distinguishedName of the LDAP-accessed "
"object instance." ),
MaxLen ( 1024 )]
string Name;
[Description (
"UserID is the value used by the SecurityService to "
"represent identity. For an authentication service, the "
"UserID may be the name of the user, or for an "
"authorization service the value which serves as a handle "
"to a mapping of the identity." ),
MaxLen ( 256 )]
string UserID;
[Description (
"In the case of an LDAP-derived instance, the ObjectClass "
"property value(s) may be set to the objectClass "
"attribute values." )]
string ObjectClass[];
[Description (
"The Descriptions property values may contain "
"human-readable descriptions of the object. In the case "
"of an LDAP-derived instance, the description attribute "
"may have multiple values that, therefore, cannot be "
"placed in the inherited Description property." ),
MaxLen ( 1024 )]
string Descriptions[];
[Description (
"Based on RFC1274, the host name of the system(s) for "
"which the account applies. The host name may be a "
"fully-qualified DNS name or it may be an unqualified "
"host name." )]
string Host[];
[Description (
"This property contains the name of a locality, such as a "
"city, county or other geographic region." )]
string LocalityName[];
[Required, Description (
"The name of the organization related to the account." )]
string OrganizationName[];
[Description (
"The name of an organizational unit related to the account."
)]
string OU[];
[Description (
"In the case of an LDAP-derived instance, the SeeAlso "
"property specifies distinguished name of other Directory "
"objects which may be other aspects (in some sense) of "
"the same real world object." )]
string SeeAlso[];
[Description (
"Based on inetOrgPerson and for directory compatibility, "
"the UserCertificate property may be used to specify a "
"public key certificate for the person." ),
OctetString]
string UserCertificate[];
[Description (
"In the case of an LDAP-derived instance, the "
"UserPassword property may contain an encrypted password "
"used to access the person\'s resources in a directory." ),
OctetString]
string UserPassword[];
[Description (
"PasswordHistoryDepth indicates the number of previous "
"passwords that shall be maintained for the Account. The "
"Account shall preclude the selection of a password if it "
"occurs in the password history. A value of zero shall "
"indicate that a password history is not maintained." )]
uint16 PasswordHistoryDepth;
[Description (
"PasswordExpiration indicates the maximum password age "
"enforced for the Account. The value may be expressed as "
"an absolute date-time as an interval, or may be NULL.\n"
"An absolute date-time shall indicate the date and time "
"when the password will expire.\n"
"An interval value shall indicate the time remaining "
"until the password expires.\n"
"A value of NULL shall indicate the password never "
"expires." )]
datetime PasswordExpiration;
[Description (
"ComplexPasswordRulesEnforced indicates the rules for "
"constructing a complex password enforced by the Account.\n"
"Minimum Length a minimum length is enforced for "
"passwords for the account.\n"
"Preclude User ID inclusion precluding the password from "
"including the user ID is supported. \n"
"Maximum Repeating Characters a limit will be enforced on "
"the number of times a character can occur consecutively. \n"
"Lower Case Alpha at least one lower case alpha character "
"is required. \n"
"Upper Case Alpha at least one upper case alpha character "
"is required. \n"
"Numeric Character at least one numeric character is "
"required. \n"
"Special Character at least one special character is "
"required." ),
ValueMap { "2", "3", "4", "5", "6", "7", "8", "..",
"0x8000..0xFFFF" },
Values { "Minimum Length", "Preclude User ID Inclusion",
"Maximum Repeating Characters", "Lower Case Alpha",
"Upper Case Alpha", "Numeric Character",
"Special Character", "DMTF Reserved", "Vendor Reserved" }]
uint16 ComplexPasswordRulesEnforced[];
[Description (
"InactivityTimeout specifies the interval after which if "
"an account has been inactive, it shall be Disabled. The "
"value may be expressed in interval format, as an "
"absolute date-time, or be NULL.\n"
"An absolute date-time shall indicate when the password "
"will be disabled due to inactivity.\n"
"An interval value shall indicate the time remaining "
"before the password is disabled due to inactivity.\n"
"A value of NULL shall indicate that the Account will not "
"be disabled due to inactivity." )]
datetime InactivityTimeout;
[Description (
"MaximumSuccessiveLoginFailures indicates the number of "
"successive failed login attempts that shall result in "
"the Account being disabled. A value of zero shall "
"indicate that the Account will not be disabled due to "
"successive failed login attempts." )]
uint16 MaximumSuccessiveLoginFailures;
[Description (
"LastLogin shall be an absolute date-time that specifies "
"the last successful authentication that occurred for "
"this Account.A value of 99990101000000.000000+000 shall "
"indicate the Account has never been used. A value of "
"NULL shall indicate the last successful login is "
"unknown." )]
datetime LastLogin;
[Description (
"The encryption algorithm (if any) used by the client to "
"produce the value in the UserPassword property when "
"creating or modifying an instance of CIM_Account. The "
"original password is encrypted using the algorithm "
"specified in this property, and UserPassword contains "
"the resulting encrypted value. In response to an "
"operation request that would return the value of the "
"UserPassword property to a client, an implementation "
"shall instead return an array of length zero.\n"
"The value of UserPasswordEncryptionAlgorithm in an "
"instance of CIM_Account shall be 0 (\"None\") unless the "
"SupportedUserPasswordEncryptionAlgorithms[] property in "
"the CIM_AccountManagementCapabilities instance "
"associated with the CIM_AccountManagementService "
"instance associated with the CIM_Account instance "
"contains a non-null entry other than 0 (\"None\").\n"
"This property does not prevent the use of encryption at "
"the transport, network, or data-link layer to protect "
"communications between a management client and the "
"server, nor is it meant to encourage communications "
"without such encryption.\n"
"The supported values for this property are:\n"
"- 0 (\"None\"): Indicates that the contents of "
"UserPassword are not encrypted.\n"
"- 1 (\"Other\"): Indicates that the contents of "
"UserPassword are encrypted using an algorithm not "
"specifically identified in the value map for this "
"property, and that this algorithm is described in OtherUserPasswordEncryptionAlgorithm.\n"
"- 2 (\"HTTP Digest MD5(A1)\"): The MD5 hash algorithm, "
"applied to the string A1 defined in RFC2617 as the "
"concatenation username-value \":\" realm-value \":\" "
"passwd, where username-value is provided by the client "
"as the value of the UserID property. passwd is the "
"underlying user password. realm-value is the HTTP digest "
"realm value, and is provided by the server. The "
"semantics of the HTTP digest realm are specified in RFC "
"2617. The server may surface the realm-value in the "
"UserPasswordEncryptionSalt property of "
"CIM_AccountManagementCapabilities." ),
ValueMap { "0", "1", "2", ".." },
Values { "None", "Other", "HTTP Digest MD5(A1)",
"DMTF Reserved" },
ModelCorrespondence { "CIM_Account.UserPassword",
"CIM_Account.OtherUserPasswordEncryptionAlgorithm",
"CIM_AccountManagementCapabilities.SupportedUserPasswordEncryptionAlgorithms",
"CIM_AccountManagementCapabilities.UserPasswordEncryptionSalt" }]
uint16 UserPasswordEncryptionAlgorithm;
[Description (
"If the UserPasswordEncryptionAlgorithm property is set "
"to 1 (\"Other\") this property contains a free form "
"string that provides more information about the "
"encryption algorithm. If UserPasswordEncryptionAlgorithm "
"is not set to 1 (\"Other\") this property has no "
"meaning." ),
ModelCorrespondence {
"CIM_Account.UserPasswordEncryptionAlgorithm" }]
string OtherUserPasswordEncryptionAlgorithm;
[Description (
"UserPasswordEncoding specifies encoding used for the "
"UserPassword property.\r\n"
"\"kbd\" denotes a string in hexadecimal format "
"containing keyboard scan code input. An example of a "
"UserPassword structured in this format would be "
"\"321539191E1F1F11181320\", which is the representation "
"of \"my password\" in US English keyboard scan codes.\n"
"\"\rascii\" denotes clear text that complies with the "
"ASCII character set. An example would be \"my password\".\n"
"\"pin\" denotes that only numeric input in ASCII text is "
"allowed for the UserPassword. An example would be \"1234\".\n"
"\"UTF-8\" denotes that the UserPassword is a Unicode "
"string that is encoded using UTF-8 character set.\n"
"\"UTF-16\" denotes that the UserPassword is a Unicode "
"string that is encoded using UTF-16 character set. The "
"byte order mark (BOM) shall be the first character of "
"the string.\n"
"\"UTF-16LE\" denotes that the UserPassword is a Unicode "
"string that is encoded using UTF-16 character set in "
"little-endian byte order.\n"
"\"UTF-16BE\" denotes that the UserPassword is a Unicode "
"string that is encoded using UTF-16 character set in "
"big-endian byte order.\n"
"\"UCS-2\" denotes that the UserPassword is a Unicode "
"string that is encoded using UCS-2 character set." ),
ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "..",
"65536..4294967295" },
Values { "ascii", "kbd", "pin", "UTF-8", "UTF-16",
"UTF-16LE", "UTF-16BE", "UCS-2", "DMTF Reserved",
"Vendor Reserved" }]
uint32 UserPasswordEncoding;
};
| ViewCVS 0.9.2 |