附录 C. 完整树 (Full Tree)
中文导读: 本节对应 RFC 9950 的 附录 C. 完整树 (Full Tree) 部分, 对应文档标题为 RFC 9950 - 终端访问控制器访问控制系统增强版 (TACACS+) 的 YANG 数据模型. 下方若包含英文 RFC 原文, 注册表名称, 字段名, 算法名, 对象标识符, 媒体类型, 邮箱地址, URL, 代码, ABNF, ASN.1, YANG, JSON, XML, 测试向量或参考文献条目, 均按规范原样保留, 因为这些内容需要与 RFC 文本, IANA 注册表, 实现代码或验证工具逐字一致. 中文段落用于说明本节的作用, 阅读重点和实现含义, 不改变任何协议语义或注册值.
本页包含机器可读或接近机器可读的规范材料. 对 ASN.1, YANG, JSON Schema, XML Schema, 伪代码, 注册模板, 常量表和算法标识符, 翻译时必须保留关键字, 类型名, OID, namespace, 枚举值, 字段名和语法结构. 实现者应把这些块视为生成代码, 配置模型, 验证输入或一致性测试的依据.
补充实现说明: 本页英文比例高, 是因为主要内容属于可复制的规范材料或实现材料. 在这类页面中, 语法关键字, 缩进, 字符串字面量, 枚举值, 路径, OID, namespace, JSON member, YANG leaf, ASN.1 type 和错误文本都可能被测试工具, 代码生成器或互操作实现直接消费. 因此, 译文只在代码块外说明结构和用途, 不在代码块内替换术语. 实现者应结合正文的语义说明检查默认值, 约束, 必选字段, 扩展点和安全影响, 并用原样保留的块进行验证.
进一步使用说明: 本页保留的英文内容在审计中占比较高, 但这种保留是有意的. 对参考文献页而言, 英文题名, 作者, DOI, RFC 编号和 URL 是正式引用的一部分, 翻译后反而会降低检索和核对的准确性. 对 Schema, YANG, ASN.1, 伪代码, 示例和测试向量而言, 英文字段, 字符串, 枚举, 缩进和换行可能直接影响工具解析或一致性测试. 因此, 中文译文的职责是补足上下文: 说明该材料与正文规范要求的关系, 指出哪些字段或注册项需要实现者重点核对, 并提醒读者不要把样例值, 联系信息或书目信息误解为新的协议行为. 如果需要确认强制性要求, 应回到正文中带有 MUST, MUST NOT, SHOULD, MAY 等 BCP 14 关键词的段落, 或查阅本页列出的规范性引用. 这种处理方式在可读性和逐字保真之间取平衡, 确保中文读者能够理解页面用途, 同时保留可复制, 可验证, 可追溯的 RFC 原始材料.
完整树结构如下:
注: '\' 按 RFC 8792 进行换行.
module: ietf-system-tacacs-plus
augment /sys:system:
+--rw tacacs-plus
+--rw client-credentials* [id] {credential-reference}?
| +--rw id string
| +--rw (auth-type)?
| +--:(certificate)
| | +--rw certificate
| | +--rw (inline-or-keystore)
| | +--:(inline) {inline-definitions-supported}?
| | | +--rw inline-definition
| | | +--rw public-key-format?
| | | | identityref
| | | +--rw public-key?
| | | | binary
| | | +--rw private-key-format?
| | | | identityref
| | | +--rw (private-key-type)
| | | | +--:(cleartext-private-key)
| | | | | {cleartext-private-keys}?
| | | | | +--rw cleartext-private-key?
| | | | | binary
| | | | +--:(hidden-private-key)
| | | | | {hidden-private-keys}?
| | | | | +--rw hidden-private-key?
| | | | | empty
| | | | +--:(encrypted-private-key)
| | | | {encrypted-private-keys}?
| | | | +--rw encrypted-private-key
| | | | +--rw encrypted-by
| | | | +--rw encrypted-value-format
| | | | | identityref
| | | | +--rw encrypted-value
| | | | binary
| | | +--rw cert-data?
| | | | end-entity-cert-cms
| | | +---n certificate-expiration
| | | | {certificate-expiration-\
notification}?
| | | | +-- expiration-date
| | | | yang:date-and-time
| | | +---x generate-csr {csr-generation}?
| | | +---w input
| | | | +---w csr-format identityref
| | | | +---w csr-info csr-info
| | | +--ro output
| | | +--ro (csr-type)
| | | +--:(p10-csr)
| | | +--ro p10-csr? p10-csr
| | +--:(central-keystore)
| | {central-keystore-supported,\
asymmetric-keys}?
| | +--rw central-keystore-reference
| | +--rw asymmetric-key?
| | | ks:central-asymmetric-key-ref
| | | {central-keystore-supported,\
asymmetric-keys}?
| | +--rw certificate? leafref
| +--:(raw-public-key) {tlsc:client-ident-raw-public-key}?
| | +--rw raw-private-key
| | +--rw (inline-or-keystore)
| | +--:(inline) {inline-definitions-supported}?
| | | +--rw inline-definition
| | | +--rw public-key-format?
| | | | identityref
| | | +--rw public-key?
| | | | binary
| | | +--rw private-key-format?
| | | | identityref
| | | +--rw (private-key-type)
| | | +--:(cleartext-private-key)
| | | | {cleartext-private-keys}?
| | | | +--rw cleartext-private-key?
| | | | binary
| | | +--:(hidden-private-key)
| | | | {hidden-private-keys}?
| | | | +--rw hidden-private-key?
| | | | empty
| | | +--:(encrypted-private-key)
| | | {encrypted-private-keys}?
| | | +--rw encrypted-private-key
| | | +--rw encrypted-by
| | | +--rw encrypted-value-format
| | | | identityref
| | | +--rw encrypted-value
| | | binary
| | +--:(central-keystore)
| | {central-keystore-supported,\
asymmetric-keys}?
| | +--rw central-keystore-reference?
| | ks:central-asymmetric-key-ref
| +--:(tls13-epsk) {tlsc:client-ident-tls13-epsk}?
| +--rw tls13-epsk
| +--rw (inline-or-keystore)
| | +--:(inline) {inline-definitions-supported}?
| | | +--rw inline-definition
| | | +--rw key-format?
| | | | identityref
| | | +--rw (key-type)
| | | +--:(cleartext-symmetric-key)
| | | | +--rw cleartext-symmetric-key?
| | | | binary
| | | | {cleartext-symmetric-keys}?
| | | +--:(hidden-symmetric-key)
| | | | {hidden-symmetric-keys}?
| | | | +--rw hidden-symmetric-key?
| | | | empty
| | | +--:(encrypted-symmetric-key)
| | | {encrypted-symmetric-keys}?
| | | +--rw encrypted-symmetric-key
| | | +--rw encrypted-by
| | | +--rw encrypted-value-format
| | | | identityref
| | | +--rw encrypted-value
| | | binary
| | +--:(central-keystore)
| | {central-keystore-supported,symmetric\
-keys}?
| | +--rw central-keystore-reference?
| | ks:central-symmetric-key-ref
| +--rw external-identity string
| +--rw hash?
| | tlscmn:epsk-supported-hash
| +--rw context? string
| +--rw target-protocol? uint16
| +--rw target-kdf? uint16
+--rw server-credentials* [id] {credential-reference}?
| +--rw id string
| +--rw ca-certs!
| | +--rw (inline-or-truststore)
| | +--:(inline) {inline-definitions-supported}?
| | | +--rw inline-definition
| | | +--rw certificate* [name]
| | | +--rw name string
| | | +--rw cert-data
| | | | trust-anchor-cert-cms
| | | +---n certificate-expiration
| | | {certificate-expiration-\
notification}?
| | | +-- expiration-date yang:date-and-time
| | +--:(central-truststore)
| | {central-truststore-supported,certificates}?
| | +--rw central-truststore-reference?
| | ts:central-certificate-bag-ref
| +--rw ee-certs!
| | +--rw (inline-or-truststore)
| | +--:(inline) {inline-definitions-supported}?
| | | +--rw inline-definition
| | | +--rw certificate* [name]
| | | +--rw name string
| | | +--rw cert-data
| | | | trust-anchor-cert-cms
| | | +---n certificate-expiration
| | | {certificate-expiration-\
notification}?
| | | +-- expiration-date yang:date-and-time
| | +--:(central-truststore)
| | {central-truststore-supported,certificates}?
| | +--rw central-truststore-reference?
| | ts:central-certificate-bag-ref
| +--rw raw-public-keys! {tlsc:server-auth-raw-public-key}?
| | +--rw (inline-or-truststore)
| | +--:(inline) {inline-definitions-supported}?
| | | +--rw inline-definition
| | | +--rw public-key* [name]
| | | +--rw name string
| | | +--rw public-key-format identityref
| | | +--rw public-key binary
| | +--:(central-truststore)
| | {central-truststore-supported,public-keys}?
| | +--rw central-truststore-reference?
| | ts:central-public-key-bag-ref
| +--rw tls13-epsks? empty
| {tlsc:server-auth-tls13-epsk}?
+--rw server* [name]
+--rw name string
+--rw server-type
| tacacs-plus-server-type
+--rw domain-name? inet:domain-name
+--rw sni-enabled? boolean
+--rw address inet:host
+--rw port inet:port-number
+--rw (security)
| +--:(tls)
| | +--rw client-identity!
| | | +--rw (ref-or-explicit)?
| | | +--:(ref)
| | | | +--rw credentials-reference?
| | | | sys-tcs-plus:client-credentials-ref
| | | | {credential-reference}?
| | | +--:(explicit)
| | | +--rw (auth-type)?
| | | +--:(certificate)
| | | | +--rw certificate
| | | | +--rw (inline-or-keystore)
| | | | +--:(inline)
| | | | | {inline-definitions-\
supported}?
| | | | | +--rw inline-definition
| | | | | +--rw public-key-format?
| | | | | | identityref
| | | | | +--rw public-key?
| | | | | | binary
| | | | | +--rw private-key-format?
| | | | | | identityref
| | | | | +--rw (private-key-type)
| | | | | | +--:(cleartext-private\
-key)
| | | | | | | {cleartext-\
private-keys}?
| | | | | | | +--rw cleartext-\
private-key?
| | | | | | | binary
| | | | | | +--:(hidden-private-\
key)
| | | | | | | {hidden-\
private-keys}?
| | | | | | | +--rw hidden-\
private-key?
| | | | | | | empty
| | | | | | +--:(encrypted-private\
-key)
| | | | | | {encrypted-\
private-keys}?
| | | | | | +--rw encrypted-\
private-key
| | | | | | +--rw encrypted-\
by
| | | | | | +--rw encrypted-\
value-format
| | | | | | | \
identityref
| | | | | | +--rw encrypted-\
value
| | | | | | binary
| | | | | +--rw cert-data?
| | | | | | end-entity-cert-\
cms
| | | | | +---n certificate-\
expiration
| | | | | | {certificate-\
expiration-notification}?
| | | | | | +-- expiration-date
| | | | | | yang:date-and-\
time
| | | | | +---x generate-csr
| | | | | {csr-generation}?
| | | | | +---w input
| | | | | | +---w csr-format
| | | | | | | identityref
| | | | | | +---w csr-info
| | | | | | csr-info
| | | | | +--ro output
| | | | | +--ro (csr-type)
| | | | | +--:(p10-csr)
| | | | | +--ro p10-csr?
| | | | | p10-\
csr
| | | | +--:(central-keystore)
| | | | {central-keystore-\
supported,asymmetric-keys}?
| | | | +--rw central-keystore-\
reference
| | | | +--rw asymmetric-key?
| | | | | ks:central-\
asymmetric-key-ref
| | | | | {central-keystore\
-supported,asymmetric-keys}?
| | | | +--rw certificate?
| | | | leafref
| | | +--:(raw-public-key)
| | | | {tlsc:client-ident-raw-public-\
key}?
| | | | +--rw raw-private-key
| | | | +--rw (inline-or-keystore)
| | | | +--:(inline)
| | | | | {inline-definitions-\
supported}?
| | | | | +--rw inline-definition
| | | | | +--rw public-key-format?
| | | | | | identityref
| | | | | +--rw public-key?
| | | | | | binary
| | | | | +--rw private-key-format?
| | | | | | identityref
| | | | | +--rw (private-key-type)
| | | | | +--:(cleartext-private\
-key)
| | | | | | {cleartext-\
private-keys}?
| | | | | | +--rw cleartext-\
private-key?
| | | | | | binary
| | | | | +--:(hidden-private-\
key)
| | | | | | {hidden-\
private-keys}?
| | | | | | +--rw hidden-\
private-key?
| | | | | | empty
| | | | | +--:(encrypted-private\
-key)
| | | | | {encrypted-\
private-keys}?
| | | | | +--rw encrypted-\
private-key
| | | | | +--rw encrypted-\
by
| | | | | +--rw encrypted-\
value-format
| | | | | | \
identityref
| | | | | +--rw encrypted-\
value
| | | | | binary
| | | | +--:(central-keystore)
| | | | {central-keystore-\
supported,asymmetric-keys}?
| | | | +--rw central-keystore-\
reference?
| | | | ks:central-\
asymmetric-key-ref
| | | +--:(tls13-epsk)
| | | {tlsc:client-ident-tls13-epsk}?
| | | +--rw tls13-epsk
| | | +--rw (inline-or-keystore)
| | | | +--:(inline)
| | | | | {inline-definitions-\
supported}?
| | | | | +--rw inline-definition
| | | | | +--rw key-format?
| | | | | | identityref
| | | | | +--rw (key-type)
| | | | | +--:(cleartext-\
symmetric-key)
| | | | | | +--rw cleartext-\
symmetric-key?
| | | | | | binary
| | | | | | {cleartext-\
symmetric-keys}?
| | | | | +--:(hidden-symmetric-\
key)
| | | | | | {hidden-\
symmetric-keys}?
| | | | | | +--rw hidden-\
symmetric-key?
| | | | | | empty
| | | | | +--:(encrypted-\
symmetric-key)
| | | | | {encrypted-\
symmetric-keys}?
| | | | | +--rw encrypted-\
symmetric-key
| | | | | +--rw encrypted-\
by
| | | | | +--rw encrypted-\
value-format
| | | | | | \
identityref
| | | | | +--rw encrypted-\
value
| | | | | binary
| | | | +--:(central-keystore)
| | | | {central-keystore-\
supported,symmetric-keys}?
| | | | +--rw central-keystore-\
reference?
| | | | ks:central-symmetric\
-key-ref
| | | +--rw external-identity
| | | | string
| | | +--rw hash?
| | | | tlscmn:epsk-supported-hash
| | | +--rw context?
| | | | string
| | | +--rw target-protocol?
| | | | uint16
| | | +--rw target-kdf?
| | | uint16
| | +--rw server-authentication
| | | +--rw (ref-or-explicit)?
| | | +--:(ref)
| | | | +--rw credentials-reference?
| | | | sys-tcs-plus:server-credentials-ref
| | | | {credential-reference}?
| | | +--:(explicit)
| | | +--rw ca-certs!
| | | | +--rw (inline-or-truststore)
| | | | +--:(inline)
| | | | | {inline-definitions-\
supported}?
| | | | | +--rw inline-definition
| | | | | +--rw certificate* [name]
| | | | | +--rw name
| | | | | | string
| | | | | +--rw cert-data
| | | | | | trust-anchor-cert-cms
| | | | | +---n certificate-expiration
| | | | | {certificate-\
expiration-notification}?
| | | | | +-- expiration-date
| | | | | yang:date-and-time
| | | | +--:(central-truststore)
| | | | {central-truststore-\
supported,certificates}?
| | | | +--rw central-truststore-reference?
| | | | ts:central-certificate-bag\
-ref
| | | +--rw ee-certs!
| | | | +--rw (inline-or-truststore)
| | | | +--:(inline)
| | | | | {inline-definitions-\
supported}?
| | | | | +--rw inline-definition
| | | | | +--rw certificate* [name]
| | | | | +--rw name
| | | | | | string
| | | | | +--rw cert-data
| | | | | | trust-anchor-cert-cms
| | | | | +---n certificate-expiration
| | | | | {certificate-\
expiration-notification}?
| | | | | +-- expiration-date
| | | | | yang:date-and-time
| | | | +--:(central-truststore)
| | | | {central-truststore-\
supported,certificates}?
| | | | +--rw central-truststore-reference?
| | | | ts:central-certificate-bag\
-ref
| | | +--rw raw-public-keys!
| | | | {tlsc:server-auth-raw-public-key}?
| | | | +--rw (inline-or-truststore)
| | | | +--:(inline)
| | | | | {inline-definitions-\
supported}?
| | | | | +--rw inline-definition
| | | | | +--rw public-key* [name]
| | | | | +--rw name
| | | | | | string
| | | | | +--rw public-key-format
| | | | | | identityref
| | | | | +--rw public-key
| | | | | binary
| | | | +--:(central-truststore)
| | | | {central-truststore-\
supported,public-keys}?
| | | | +--rw central-truststore-reference?
| | | | ts:central-public-key-bag-\
ref
| | | +--rw tls13-epsks? empty
| | | {tlsc:server-auth-tls13-epsk}?
| | +--rw hello-params {tlscmn:hello-params}?
| | +--rw tls-versions
| | | +--rw min? identityref
| | | +--rw max? identityref
| | +--rw cipher-suites
| | +--rw cipher-suite*
| | tlscsa:tls-cipher-suite-algorithm
| +--:(obfuscation)
| +--rw shared-secret? string
+--rw (source-type)?
| +--:(source-ip)
| | +--rw source-ip? inet:ip-address
| +--:(source-interface)
| +--rw source-interface? if:interface-ref
+--rw vrf-instance?
| -> /ni:network-instances/network-instance/name
+--rw single-connection? boolean
+--rw timeout? uint16
+--ro statistics
+--ro discontinuity-time? yang:date-and-time
+--ro connection-opens? yang:counter64
+--ro connection-closes? yang:counter64
+--ro connection-aborts? yang:counter64
+--ro connection-failures? yang:counter64
+--ro connection-timeouts? yang:counter64
+--ro messages-sent? yang:counter64
+--ro messages-received? yang:counter64
+--ro errors-received? yang:counter64
+--ro sessions? yang:counter64
+--ro cert-errors? yang:counter64
+--ro rpk-errors? yang:counter64
{tlsc:server-auth-raw-public-key}?