.\"-
.\" Copyright (C) 2010 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" This documentation was written by Shteryana Sotirova Shopova under
.\" sponsorship from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 9, 2010
.Dt SNMP_USM 3
.Os
.Sh NAME
.Nm snmp_usm
.Nd user-based security module for
.Xr bsnmpd 1
.Sh LIBRARY
.Pq begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
.Sh DESCRIPTION
The
.Nm snmp_usm
module implements the SNMPv3 User-Based Security Model MIB as defined in RFC 3414.
The module is used to manage the internal list of SNMPv3 USM active users in
.Nm bsnmpd .
The module must be loaded for
.Nm bsnmpd
to receive and process SNMPv3 USM PDUs correctly.
.Sh IMPLEMENTATION NOTES
A short description of the objects in the MIB follows.
.Bl -tag -width "XXXXXXXXX"
.It Va usmStats
The subtree contains statistics for the User-based Security Model PDU processing.
The statistics are reset each time the module is loaded.
.It Va usmUserSpinLock
An advisory lock used to coordinate several Command Generator Applications when
altering the SNMP USM users.
.It Va usmUserTable
The table contains all SNMP USM users configured in
.Nm bsnmpd .
The table contains the following objects:
.Bl -tag -width ".It Va usmUserEngineID"
.It Va usmUserEngineID
An SNMP engine's administratively-unique identifier.
Must be set to the same Engine ID as
.Nm bsnmpd
so that the user will actually be allowed to communicate with the daemon.
The column is used as entry key and is not accessible for GET or SET operations.
.It Va usmUserName
The USM user name.
The second entry key, again not accessible for GET or SET operations.
.It Va usmUserSecurityName
The column has the exact same value as the
.Va usmUserName
column, but is accessible for GET operations.
.It Va usmUserCloneFrom
A GET on this column will return an empty OID.
SET operations are currently not supported.
.It Va usmUserAuthProtocol
The value of this column contains the OID corresponding to the authentication
protocol used by the USM user.
The following protocols and their OIDs are known to the
.Nm
module:
.Bl -tag -width ".It Va NoAuthProtocol"
.It NoAuthProtocol 1.3.6.1.6.3.10.1.1.1
.It HMACMD5AuthProtocol 1.3.6.1.6.3.10.1.1.2
.It HMACSHAAuthProtocol 1.3.6.1.6.3.10.1.1.3
.El
.It Va usmUserAuthKeyChange , Va usmUserOwnAuthKeyChange
These columns may be used to change the user's authentication key.
.It Va usmUserPrivProtocol
The value of this column contains the OID corresponding to the privacy
protocol used by the USM user.
The following protocols and their OIDs are known to the
.Nm
module:
.Bl -tag -width ".It Va NoPrivProtocol"
.It NoPrivProtocol 1.3.6.1.6.3.10.1.2.1
.It DESPrivProtocol 1.3.6.1.6.3.10.1.2.2
.It AesCfb128Protocol 1.3.6.1.6.3.10.1.2.4
.El
.It Va usmUserPrivKeyChange , Va usmUserOwnPrivKeyChange
These columns may be used to change the user's privacy key.
.It Va usmUserPublic
An arbitrary octet string that may be modified to confirm a SET operation on any
of the columns was successful.
.It Va usmUserStorageType
This column always has one of two values.
Entries created via
.Nm bsnmpd Ns 's
configuration file always have this column set to readOnly(5) and
it is not possible to modify those entries.
Entries created by Command Generator Applications always have this column set
to volatile(2) and such entries are lost when the module is restarted.
A SET operation on this column is not allowed.
.It Va usmUserStatus
This column is used to create new USM user entries or delete existing ones from
the table.
.El
.El
.Sh FILES
.Bl -tag -width "XXXXXXXXX"
.It Pa /usr/share/snmp/defs/usm_tree.def
The description of the MIB tree implemented by
.Nm .
.El
.Sh SEE ALSO
.Xr bsnmpd 1 ,
.Xr gensnmptree 1 ,
.Xr snmpmod 3
.Sh STANDARDS
IETF RFC 3414
.Sh AUTHORS
.An Shteryana Shopova Aq syrinx@FreeBSD.org