xref: /freebsd/contrib/bsnmp/snmp_usm/snmp_usm.3 (revision 72cd7a520d65ad6c36e208486118fbc92039423e)
.\"-
.\" Copyright (C) 2010 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" This documentation was written by Shteryana Sotirova Shopova under
.\" sponsorship from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 9, 2010
.Dt SNMP_USM 3
.Os
.Sh NAME
.Nm snmp_usm
.Nd "user-based security module for"
.Xr bsnmpd 1
.Sh LIBRARY
.Pq begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
.Sh DESCRIPTION
The
.Nm snmp_usm
module implements the SNMPv3 User-Based Security Model MIB as defined in RFC 3414.
The module is used to manage the internal list of SNMPv3 USM active users in
.Nm bsnmpd .
The module must be loaded for
.Nm bsnmpd
to receive and process SNMPv3 USM PDUs correctly.
.Sh IMPLEMENTATION NOTES
A short description of the objects in the MIB follows.
.Bl -tag -width "XXXXXXXXX"
.It Va usmStats
The subtree contains statistics for the User-based Security Model PDU processing.
The statistics are reset each time the module is loaded.
.It Va usmUserSpinLock
An advisory lock used to coordinate several Command Generator Applications when
altering the SNMP USM users.
.It Va usmUserTable
The table contains all SNMP USM users configured in
.Nm bsnmpd .
The table contains the following objects:
.Bl -tag -width ".It Va usmUserEngineID"
.It Va usmUserEngineID
An SNMP engine's administratively-unique identifier. Must be set to the same
Engine ID as
.Nm bsnmpd
so that the user will actually be allowed to communicate with the daemon.
The column is used as entry key and is not accessible for GET or SET operations.
.It Va usmUserName
The USM user name. The second entry key, again not accessible for GET or SET
operations.
.It Va usmUserSecurityName
The column has the exact same value as the
.Va usmUserName
column, but is accessible for GET operations.
.It Va usmUserCloneFrom
A GET on this column will return an empty OID. SET operations are currently not
supported.
.It Va usmUserAuthProtocol
The value of this column contains the OID corresponding to the authentication
protocol used by the USM user. The following protocols and their OIDs are known to the
.Nm
module:
.Bl -tag -width ".It Va NoAuthProtocol"
.It NoAuthProtocol 1.3.6.1.6.3.10.1.1.1
.It HMACMD5AuthProtocol 1.3.6.1.6.3.10.1.1.2
.It HMACSHAAuthProtocol 1.3.6.1.6.3.10.1.1.3
.El
.It Va usmUserAuthKeyChange , Va usmUserOwnAuthKeyChange
These columns may be used to change the user's authentication key.
.It Va usmUserPrivProtocol
The value of this column contains the OID corresponding to the privacy
protocol used by the USM user. The following protocols and their OIDs are known to the
.Nm
module:
.Bl -tag -width ".It Va NoPrivProtocol"
.It NoPrivProtocol 1.3.6.1.6.3.10.1.2.1
.It DESPrivProtocol 1.3.6.1.6.3.10.1.2.2
.It AesCfb128Protocol 1.3.6.1.6.3.10.1.2.4
.El
.It Va usmUserPrivKeyChange , Va usmUserOwnPrivKeyChange
These columns may be used to change the user's privacy key.
.It Va usmUserPublic
An arbitrary octet string that may be modified to confirm a SET operation on any
of the columns was successful.
.It Va usmUserStorageType
This column always has one of two values. Entries created via
.Nm bsnmpd Ns 's
configuration file always have this column set to readOnly(5) and
it is not possible to modify those entries. Entries created by Command Generator
Applications always have this column set to volatile(2) and such entries are
lost when the module is restarted. A SET operation on this column is not
allowed.
.It Va usmUserStatus
This column is used to create new USM user entries or delete existing ones from
the table.
.El
.El
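.Pp
Because usmUserEngineID and usmUserName are entry keys that cannot be read with GET, a management station recovers them from the instance OID of the readable columns. The following added example (not part of the original manual page or the bsnmp sources) decodes that index and reports each user's security level from the protocol OIDs listed above. It assumes the usmUserEntry OID, the column numbers 5 and 8 and the length-prefixed index encoding from RFC 3414; the function names and the walk rows are constructed for illustration.

```python
# Added example: decode usmUserTable instances and report each user's security level.
USM_USER_ENTRY = (1, 3, 6, 1, 6, 3, 15, 1, 2, 2, 1)   # usmUserEntry (RFC 3414)
COL_AUTH, COL_PRIV = 5, 8     # usmUserAuthProtocol, usmUserPrivProtocol columns
AUTH = {"1.3.6.1.6.3.10.1.1.1": "NoAuthProtocol",
        "1.3.6.1.6.3.10.1.1.2": "HMACMD5AuthProtocol",
        "1.3.6.1.6.3.10.1.1.3": "HMACSHAAuthProtocol"}
PRIV = {"1.3.6.1.6.3.10.1.2.1": "NoPrivProtocol",
        "1.3.6.1.6.3.10.1.2.2": "DESPrivProtocol",
        "1.3.6.1.6.3.10.1.2.4": "AesCfb128Protocol"}

def split_instance(oid):
    """Return (column, engine_id_hex, user_name) for one usmUserEntry instance OID."""
    arcs = tuple(int(a) for a in oid.strip(".").split("."))
    n = len(USM_USER_ENTRY)
    if arcs[:n] != USM_USER_ENTRY or len(arcs) < n + 3:
        raise ValueError("not a usmUserEntry instance: " + oid)
    column, index = arcs[n], arcs[n + 1:]
    elen = index[0]                      # both keys are length-prefixed octet strings
    engine, rest = index[1:1 + elen], index[1 + elen:]
    if len(engine) != elen or not rest or len(rest) != rest[0] + 1:
        raise ValueError("truncated or malformed index: " + oid)
    if any(a > 255 for a in engine + rest[1:]):
        raise ValueError("index arc is not an octet: " + oid)
    return column, bytes(engine).hex(), bytes(rest[1:]).decode("utf-8")

def audit(rows):
    """rows: (instance OID, value OID) pairs. Returns {(engine, user): report}."""
    users = {}
    for oid, value in rows:
        column, engine, name = split_instance(oid)
        entry = users.setdefault((engine, name), {"auth": None, "priv": None})
        if column == COL_AUTH:
            entry["auth"] = AUTH.get(value.strip("."), "unknown " + value)
        elif column == COL_PRIV:
            entry["priv"] = PRIV.get(value.strip("."), "unknown " + value)
    for entry in users.values():
        has_auth = entry["auth"] not in (None, "NoAuthProtocol")
        has_priv = entry["priv"] not in (None, "NoPrivProtocol")
        entry["level"] = ("authPriv" if has_auth and has_priv
                          else "authNoPriv" if has_auth else "noAuthNoPriv")
    return users

# Constructed walk rows: engine ID 80:00:00:01:01, users "ops" and "guest".
_I = "1.3.6.1.6.3.15.1.2.2.1.{}.5.128.0.0.1.1.{}"
_OPS, _GUEST = "3.111.112.115", "5.103.117.101.115.116"
SAMPLE = [(_I.format(5, _OPS), "1.3.6.1.6.3.10.1.1.3"),
          (_I.format(8, _OPS), "1.3.6.1.6.3.10.1.2.4"),
          (_I.format(5, _GUEST), "1.3.6.1.6.3.10.1.1.2"),
          (_I.format(8, _GUEST), "1.3.6.1.6.3.10.1.2.1")]
```

Calling audit(SAMPLE) keys each report by the decoded engine ID and user name, so an entry whose engine ID differs from the daemon's own stands out in the result.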
.Sh FILES
.Bl -tag -width "XXXXXXXXX"
.It Pa /usr/share/snmp/defs/usm_tree.def
The description of the MIB tree implemented by
.Nm .
.El
.Sh SEE ALSO
.Xr bsnmpd 1 ,
.Xr gensnmptree 1 ,
.Xr snmpmod 3
.Sh STANDARDS
IETF RFC 3414
.Sh AUTHORS
.An Shteryana Shopova Aq syrinx@FreeBSD.org