// CIM_Account: DMTF CIM schema class definition in MOF (Managed Object Format).
// The qualifier list that follows ([Version ..., UMLPackagePath ..., Description ...])
// attaches to the "class CIM_Account" declaration further down. Description text
// is the normative DMTF wording and is reproduced here unchanged; reviewer notes
// are the "//" comments added before each property.
1 karl 1.1.2.2 // Copyright (c) 2010 DMTF. All rights reserved.
2 [Version ( "2.27.0" ),
3 UMLPackagePath ( "CIM::User::Account" ),
4 Description (
5 "CIM_Account is the information held by a SecurityService to "
6 "track identity and privileges managed by that service. Common "
7 "examples of an Account are the entries in a UNIX /etc/passwd "
8 "file. Several kinds of security services use various "
9 "information from those entries - the /bin/login program uses "
10 "the account name (\'root\') and hashed password to "
11 "authenticate users, and the file service, for instance, uses "
12 "the UserID field (\'0\') and GroupID field (\'0\') to record "
13 "ownership and determine access control privileges on files in "
14 "the file system. This class is defined so as to incorporate "
15 "commonly-used LDAP attributes to permit implementations to "
16 "easily derive this information from LDAP-accessible "
17 "directories. \n"
18 "\n"
19 "The semantics of Account overlap with that of the class, "
20 "CIM_Identity. However, aspects of Account - such as its "
21 "specific tie to a System - are valuable and have been widely "
22 karl 1.1.2.2 "implemented. For this reason, the Account and Identity classes "
23 "are associated using a subclass of LogicalIdentity "
24 "(AccountIdentity), instead of deprecating the Account class in "
25 "the CIM Schema. When an Account has been authenticated, the "
26 "corresponding Identity\'s TrustEstablished Boolean would be "
27 "set to TRUE. Then, the Identity class can be used as defined "
28 "for authorization purposes." )]
// Inherits from CIM_EnabledLogicalElement (defined elsewhere, not in this file).
29 class CIM_Account : CIM_EnabledLogicalElement {
30
// Instance identity. The four Key properties below (SystemCreationClassName,
// SystemName, CreationClassName, Name) together identify one Account; see the
// CreationClassName description. SystemCreationClassName and SystemName are
// Propagated from the scoping CIM_System. Each key declares a MaxLen; a
// provider should reject over-long values on write rather than truncate them,
// since silent truncation could make two distinct keys collide.
31 [Key, Description ( "The scoping System\'s CCN." ),
32 MaxLen ( 256 ),
33 Propagated ( "CIM_System.CreationClassName" )]
34 string SystemCreationClassName;
35
36 [Key, Description ( "The scoping System\'s Name." ),
37 MaxLen ( 256 ),
38 Propagated ( "CIM_System.Name" )]
39 string SystemName;
40
41 [Key, Description (
42 "CreationClassName indicates the name of the class or the "
43 karl 1.1.2.2 "subclass used in the creation of an instance. When used "
44 "with the other key properties of this class, this "
45 "property allows all instances of this class and its "
46 "subclasses to be uniquely identified." ),
47 MaxLen ( 256 )]
48 string CreationClassName;
49
// Name overrides the inherited Name and is also a Key; per its description it
// may equal UserID, or be the LDAP distinguishedName for an LDAP-derived instance.
50 [Key, Override ( "Name" ),
51 Description (
52 "The Name property defines the label by which the object "
53 "is known. The value of this property may be set to be "
54 "the same as that of the UserID property or, in the case "
55 "of an LDAP-derived instance, the Name property value may "
56 "be set to the distinguishedName of the LDAP-accessed "
57 "object instance." ),
58 MaxLen ( 1024 )]
59 string Name;
60
// Identity handle used by the SecurityService (login name for an authentication
// service, or a mapping handle for an authorization service). Not a Key.
61 [Description (
62 "UserID is the value used by the SecurityService to "
63 "represent identity. For an authentication service, the "
64 karl 1.1.2.2 "UserID may be the name of the user, or for an "
65 "authorization service the value which serves as a handle "
66 "to a mapping of the identity." ),
67 MaxLen ( 256 )]
68 string UserID;
69
// The following properties (ObjectClass, Descriptions, Host, LocalityName,
// OrganizationName, OU, SeeAlso) mirror LDAP / inetOrgPerson attributes so an
// LDAP-derived instance can be populated directly (see the class Description).
// OrganizationName is the only one marked Required.
70 [Description (
71 "In the case of an LDAP-derived instance, the ObjectClass "
72 "property value(s) may be set to the objectClass "
73 "attribute values." )]
74 string ObjectClass[];
75
76 [Description (
77 "The Descriptions property values may contain "
78 "human-readable descriptions of the object. In the case "
79 "of an LDAP-derived instance, the description attribute "
80 "may have multiple values that, therefore, cannot be "
81 "placed in the inherited Description property." ),
82 MaxLen ( 1024 )]
83 string Descriptions[];
84
// Host name(s) the account applies to (RFC1274); may be a FQDN or unqualified.
85 karl 1.1.2.2 [Description (
86 "Based on RFC1274, the host name of the system(s) for "
87 "which the account applies. The host name may be a "
88 "fully-qualified DNS name or it may be an unqualified "
89 "host name." )]
90 string Host[];
91
92 [Description (
93 "This property contains the name of a locality, such as a "
94 "city, county or other geographic region." )]
95 string LocalityName[];
96
97 [Required, Description (
98 "The name of the organization related to the account." )]
99 string OrganizationName[];
100
101 [Description (
102 "The name of an organizational unit related to the account."
103 )]
104 string OU[];
105
106 karl 1.1.2.2 [Description (
107 "In the case of an LDAP-derived instance, the SeeAlso "
108 "property specifies distinguished name of other Directory "
109 "objects which may be other aspects (in some sense) of "
110 "the same real world object." )]
111 string SeeAlso[];
112
// Public-key certificate(s) for the person, carried as octet strings
// (inetOrgPerson userCertificate). Certificates are public data, unlike
// UserPassword below.
113 [Description (
114 "Based on inetOrgPerson and for directory compatibility, "
115 "the UserCertificate property may be used to specify a "
116 "public key certificate for the person." ),
117 OctetString]
118 string UserCertificate[];
119
// NOTE(review): security-sensitive property. Per the UserPasswordEncryptionAlgorithm
// description below, an implementation shall answer a client read of this
// property with a zero-length array rather than the stored value, so from the
// client's point of view UserPassword is write-only. How the value is protected
// in transit is governed by UserPasswordEncryptionAlgorithm, and its byte
// encoding by UserPasswordEncoding.
120 [Description (
121 "In the case of an LDAP-derived instance, the "
122 "UserPassword property may contain an encrypted password "
123 "used to access the person\'s resources in a directory." ),
124 OctetString]
125 string UserPassword[];
126
// Algorithm the client used to produce UserPassword. Shall be 0 ("None") unless
// the associated CIM_AccountManagementCapabilities advertises another value in
// SupportedUserPasswordEncryptionAlgorithms[]. Value 2 is the RFC2617 HTTP
// Digest A1 form, MD5 over UserID ":" realm ":" passwd, where the server may
// surface the realm via UserPasswordEncryptionSalt. The description is explicit
// that 0 ("None") means the UserPassword contents are not protected at this
// layer and that this property is not a substitute for transport/network
// encryption of the management session.
127 karl 1.1.2.2 [Description (
128 "The encryption algorithm (if any) used by the client to "
129 "produce the value in the UserPassword property when "
130 "creating or modifying an instance of CIM_Account. The "
131 "original password is encrypted using the algorithm "
132 "specified in this property, and UserPassword contains "
133 "the resulting encrypted value. In response to an "
134 "operation request that would return the value of the "
135 "UserPassword property to a client, an implementation "
136 "shall instead return an array of length zero.\n"
137 "The value of UserPasswordEncryptionAlgorithm in an "
138 "instance of CIM_Account shall be 0 (\"None\") unless the "
139 "SupportedUserPasswordEncryptionAlgorithms[] property in "
140 "the CIM_AccountManagementCapabilities instance "
141 "associated with the CIM_AccountManagementService "
142 "instance associated with the CIM_Account instance "
143 "contains a non-null entry other than 0 (\"None\").\n"
144 "This property does not prevent the use of encryption at "
145 "the transport, network, or data-link layer to protect "
146 "communications between a management client and the "
147 "server, nor is it meant to encourage communications "
148 karl 1.1.2.2 "without such encryption.\n"
149 "The supported values for this property are:\n"
150 "- 0 (\"None\"): Indicates that the contents of "
151 "UserPassword are not encrypted.\n"
152 "- 1 (\"Other\"): Indicates that the contents of "
153 "UserPassword are encrypted using an algorithm not "
154 "specifically identified in the value map for this "
155 "property, and that this algorithm is described in OtherUserPasswordEncryptionAlgorithm.\n"
156 "- 2 (\"HTTP Digest MD5(A1)\"): The MD5 hash algorithm, "
157 "applied to the string A1 defined in RFC2617 as the "
158 "concatenation username-value \":\" realm-value \":\" "
159 "passwd, where username-value is provided by the client "
160 "as the value of the UserID property. passwd is the "
161 "underlying user password. realm-value is the HTTP digest "
162 "realm value, and is provided by the server. The "
163 "semantics of the HTTP digest realm are specified in RFC "
164 "2617. The server may surface the realm-value in the "
165 "UserPasswordEncryptionSalt property of "
166 "CIM_AccountManagementCapabilities." ),
167 ValueMap { "0", "1", "2", ".." },
168 Values { "None", "Other", "HTTP Digest MD5(A1)",
169 karl 1.1.2.2 "DMTF Reserved" },
170 ModelCorrespondence { "CIM_Account.UserPassword",
171 "CIM_Account.OtherUserPasswordEncryptionAlgorithm",
172 "CIM_AccountManagementCapabilities.SupportedUserPasswordEncryptionAlgorithms",
173 "CIM_AccountManagementCapabilities.UserPasswordEncryptionSalt" }]
174 uint16 UserPasswordEncryptionAlgorithm;
175
// Free-form algorithm name; only meaningful when
// UserPasswordEncryptionAlgorithm == 1 ("Other").
176 [Description (
177 "If the UserPasswordEncryptionAlgorithm property is set "
178 "to 1 (\"Other\") this property contains a free form "
179 "string that provides more information about the "
180 "encryption algorithm. If UserPasswordEncryptionAlgorithm "
181 "is not set to 1 (\"Other\") this property has no "
182 "meaning." ),
183 ModelCorrespondence {
184 "CIM_Account.UserPasswordEncryptionAlgorithm" }]
185 string OtherUserPasswordEncryptionAlgorithm;
186
// Password-complexity policy: an array of rule codes (2..8) that this Account
// enforces; 0x8000..0xFFFF is vendor-reserved. An empty array therefore means
// no complexity rule is declared as enforced.
187 [Description (
188 "ComplexPasswordRulesEnforced indicates the rules for "
189 "constructing a complex password enforced by the Account.\n"
190 karl 1.1.2.2 "Minimum Length a minimum length is enforced for "
191 "passwords for the account.\n"
192 "Preclude User ID inclusion precluding the password from "
193 "including the user ID is supported. \n"
194 "Maximum Repeating Characters a limit will be enforced on "
195 "the number of times a character can occur consecutively. \n"
196 "Lower Case Alpha at least one lower case alpha character "
197 "is required. \n"
198 "Upper Case Alpha at least one upper case alpha character "
199 "is required. \n"
200 "Numeric Character at least one numeric character is "
201 "required. \n"
202 "Special Character at least one special character is "
203 "required." ),
204 ValueMap { "2", "3", "4", "5", "6", "7", "8", "..",
205 "0x8000..0xFFFF" },
206 Values { "Minimum Length", "Preclude User ID Inclusion",
207 "Maximum Repeating Characters", "Lower Case Alpha",
208 "Upper Case Alpha", "Numeric Character",
209 "Special Character", "DMTF Reserved", "Vendor Reserved" }]
210 uint16 ComplexPasswordRulesEnforced[];
211 karl 1.1.2.2
// Dormant-account control: absolute date-time, interval, or NULL. NULL means
// the Account is never disabled for inactivity.
212 [Description (
213 "InactivityTimeout specifies the interval after which if "
214 "an account has been inactive, it shall be Disabled. The "
215 "value may be expressed in interval format, as an "
216 "absolute date-time, or be NULL.\n"
217 "An absolute date-time shall indicate when the password "
218 "will be disabled due to inactivity.\n"
219 "An interval value shall indicate the time remaining "
220 "before the password is disabled due to inactivity.\n"
221 "A value of NULL shall indicate that the Account will not "
222 "be disabled due to inactivity." )]
223 datetime InactivityTimeout;
224
// Last successful authentication. 99990101000000.000000+000 is the
// "never used" sentinel; NULL means unknown. Consumers auditing for stale or
// never-used accounts should treat the sentinel and NULL differently.
225 [Description (
226 "LastLogin shall be an absolute date-time that specifies "
227 "the last successful authentication that occurred for "
228 "this Account.A value of 99990101000000.000000+000 shall "
229 "indicate the Account has never been used. A value of "
230 "NULL shall indicate the last successful login is "
231 "unknown." )]
232 karl 1.1.2.2 datetime LastLogin;
233
// Lockout threshold for successive failed logins; 0 means no lockout.
234 [Description (
235 "MaximumSuccessiveLoginFailures indicates the number of "
236 "successive failed login attempts that shall result in "
237 "the Account being disabled. A value of zero shall "
238 "indicate that the Account will not be disabled due to "
239 "successive failed login attempts." )]
240 uint16 MaximumSuccessiveLoginFailures;
241
// Maximum password age: absolute date-time, interval, or NULL (= never expires).
242 [Description (
243 "PasswordExpiration indicates the maximum password age "
244 "enforced for the Account. The value may be expressed as "
245 "an absolute date-time as an interval, or may be NULL.\n"
246 "An absolute date-time shall indicate the date and time "
247 "when the password will expire.\n"
248 "An interval value shall indicate the time remaining "
249 "until the password expires.\n"
250 "A value of NULL shall indicate the password never "
251 "expires." )]
252 datetime PasswordExpiration;
253 karl 1.1.2.2
// Password-reuse control; 0 means no history is kept (reuse is not precluded).
254 [Description (
255 "PasswordHistoryDepth indicates the number of previous "
256 "passwords that shall be maintained for the Account. The "
257 "Account shall preclude the selection of a password if it "
258 "occurs in the password history. A value of zero shall "
259 "indicate that a password history is not maintained." )]
260 uint16 PasswordHistoryDepth;
261
// Byte encoding of UserPassword (values 2..9; 65536..4294967295 vendor-reserved).
// NOTE(review): two string fragments below contain "\r" escapes
// ("property.\r\n" and "\"\rascii\"") that look like stray carriage returns
// rather than intended text: the matching Values entry is "ascii", not
// "\rascii". Confirm against the published schema before relying on the
// description text verbatim.
262 [Description (
263 "UserPasswordEncoding specifies encoding used for the "
264 "UserPassword property.\r\n"
265 "\"kbd\" denotes a string in hexadecimal format "
266 "containing keyboard scan code input. An example of a "
267 "UserPassword structured in this format would be "
268 "\"321539191E1F1F11181320\", which is the representation "
269 "of \"my password\" in US English keyboard scan codes.\n"
270 "\"\rascii\" denotes clear text that complies with the "
271 "ASCII character set. An example would be \"my password\".\n"
272 "\"pin\" denotes that only numeric input in ASCII text is "
273 "allowed for the UserPassword. An example would be \"1234\".\n"
274 karl 1.1.2.2 "\"UTF-8\" denotes that the UserPassword is a Unicode "
275 "string that is encoded using UTF-8 character set.\n"
276 "\"UTF-16\" denotes that the UserPassword is a Unicode "
277 "string that is encoded using UTF-16 character set. The "
278 "byte order mark (BOM) shall be the first character of "
279 "the string.\n"
280 "\"UTF-16LE\" denotes that the UserPassword is a Unicode "
281 "string that is encoded using UTF-16 character set in "
282 "little-endian byte order.\n"
283 "\"UTF-16BE\" denotes that the UserPassword is a Unicode "
284 "string that is encoded using UTF-16 character set in "
285 "big-endian byte order.\n"
286 "\"UCS-2\" denotes that the UserPassword is a Unicode "
287 "string that is encoded using UCS-2 character set." ),
288 ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "..",
289 "65536..4294967295" },
290 Values { "ascii", "kbd", "pin", "UTF-8", "UTF-16",
291 "UTF-16LE", "UTF-16BE", "UCS-2", "DMTF Reserved",
292 "Vendor Reserved" }]
293 uint32 UserPasswordEncoding;
294
295 karl 1.1.2.2
296 };