Since ConfD supports SSH at a minimum, it looks like every request needs to be authenticated separately.
Is there any way to reuse a session once authenticated (similar to maapi) where once authenticated, only some form of token obtained from the first authentication can be sent?
cohult
September 16, 2015, 1:39pm
2
Not per request, only per SSH session.
You can try this yourself:
Terminal window 1:
$ pwd
$CONFD_DIR/examples.confd/intro/1-2-3-start-query-model
$ make clean all start
...
Terminal window 2:
Edit confd.conf and enable the NETCONF trace log by adding the following:
<netconfTraceLog>
<enabled>true</enabled>
<filename>./netconf.trace</filename>
<format>pretty</format>
</netconfTraceLog>
Then run the netconf-console tool that comes with ConfD to <EDIT-CONFIG> and <GET>:
$ netconf-console -i
* Enter a NETCONF operation, end with an empty line
<edit-config>
<target>
<running/>
</target>
<config>
<dhcp xmlns="http://tail-f.com/ns/example/dhcpd"
xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<defaultLeaseTime nc:operation="merge">
PT1H
</defaultLeaseTime>
</dhcp>
</config>
</edit-config>
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<ok/>
</rpc-reply>
* Enter a NETCONF operation, end with an empty line
<get>
<filter xmlns="http://tail-f.com/ns/example/dhcpd">
<dhcp/>
</filter>
</get>
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<data>
<dhcp xmlns="http://tail-f.com/ns/example/dhcpd">
<defaultLeaseTime>PT1H</defaultLeaseTime>
</dhcp>
</data>
</rpc-reply>
Terminal window 3:
$ tail -n 100 $CONFD_DIR/examples.confd/intro/1-2-3-start-query-model/netconf.trace
**> sess:11 new session
16-Sep-2015::15:35:17.460 **< sess:11 write:
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
<capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.1</capability>
<capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capability>
<capability>http://tail-f.com/ns/netconf/actions/1.0</capability>
<capability>http://tail-f.com/ns/netconf/extensions</capability>
<capability>urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=explicit&also-supported=report-all-tagged</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults?revision=2011-06-01&module=ietf-netconf-with-defaults</capability>
<capability>http://tail-f.com/ns/aaa/1.1?module=tailf-aaa&revision=2015-06-16</capability>
<capability>http://tail-f.com/ns/example/dhcpd?module=dhcpd</capability>
<capability>http://tail-f.com/ns/example/dhcpd2?module=dhcpd2</capability>
<capability>http://tail-f.com/ns/webui?module=tailf-webui&revision=2013-03-07</capability>
<capability>http://tail-f.com/yang/acm?module=tailf-acm&revision=2013-03-07</capability>
<capability>http://tail-f.com/yang/common-monitoring?module=tailf-common-monitoring&revision=2013-06-14</capability>
<capability>http://tail-f.com/yang/confd-monitoring?module=tailf-confd-monitoring&revision=2013-06-14</capability>
<capability>http://tail-f.com/yang/netconf-monitoring?module=tailf-netconf-monitoring&revision=2014-11-13</capability>
<capability>urn:ietf:params:xml:ns:yang:iana-crypt-hash?module=iana-crypt-hash&revision=2014-04-04&features=crypt-hash-sha-512,crypt-hash-sha-256,crypt-hash-md5</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-acm?module=ietf-netconf-acm&revision=2012-02-22</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconf-monitoring&revision=2010-10-04</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-notifications?module=ietf-netconf-notifications&revision=2012-02-06</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yang-types&revision=2013-07-15</capability>
</capabilities>
<session-id>11</session-id>
</hello>
16-Sep-2015::15:35:17.468 **> sess:11 read:
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
</capabilities>
</hello>
]]>]]>
#451
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<dhcp xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="http://tail-f.com/ns/example/dhcpd">
<defaultLeaseTime nc:operation="merge">
PT1H
</defaultLeaseTime>
</dhcp>
</config>
</edit-config>
</rpc>
16-Sep-2015::15:36:12.621 **< sess:11 write:
<rpc-reply message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
##
#224
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
<filter xmlns="http://tail-f.com/ns/example/dhcpd">
<dhcp/>
</filter>
</get>
</rpc>
16-Sep-2015::15:36:39.069 **< sess:11 write:
<rpc-reply message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<dhcp xmlns="http://tail-f.com/ns/example/dhcpd">
<defaultLeaseTime>PT1H</defaultLeaseTime>
</dhcp>
</data>
</rpc-reply>
nabil
September 17, 2015, 3:43pm
3
NETCONF is session oriented. Once authenticated via SSH, you are good to go without authenticating for each request until you explicitly close the session.
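The point made in both replies can be checked against a trace. The following Python sketch is an added example, not part of the original posts or of ConfD's tooling: it reads a trace in the format shown above and reports, per session id, how many times the session was opened and which RPC operations were sent on it. The sample trace is constructed and abridged from the excerpt, and attributing each `<rpc>` to the session of the most recent `sess:` marker is an assumption about the trace layout.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the netconf.trace excerpt in the thread.
SAMPLE_TRACE = """\
**> sess:11 new session
16-Sep-2015::15:35:17.468 **> sess:11 read:
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"/>
#451
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
</edit-config>
</rpc>
16-Sep-2015::15:36:12.621 **< sess:11 write:
<rpc-reply message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
</rpc-reply>
##
#224
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
</get>
</rpc>
"""

# Session markers as they appear in the trace, with or without a timestamp.
MARKER = re.compile(r"\*\*[<>] sess:(\d+) (new session|read:|write:)")
OPERATION = re.compile(r"<([A-Za-z][\w-]*)")

def summarize(trace):
    """Return {session_id: {"opened": n, "rpcs": [operation, ...]}}."""
    sessions = defaultdict(lambda: {"opened": 0, "rpcs": []})
    current, in_rpc = None, False
    for line in trace.splitlines():
        line = line.strip()
        marker = MARKER.search(line)
        if marker:
            current, in_rpc = marker.group(1), False
            if marker.group(2) == "new session":
                sessions[current]["opened"] += 1
        elif line.startswith("<rpc ") or line == "<rpc>":
            in_rpc = True  # the next element names the requested operation
        elif in_rpc and current is not None:
            op = OPERATION.match(line)
            if op:
                sessions[current]["rpcs"].append(op.group(1))
                in_rpc = False
    return dict(sessions)

if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```

A session that shows one open event and several operations, as session 11 does here, was authenticated once at SSH setup and then reused for each RPC.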