xref: /freebsd/contrib/bsnmp/snmp_usm/snmp_usm.3 (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
.\"-
.\" Copyright (C) 2010 The FreeBSD Foundation
.\"
.\" This documentation was written by Shteryana Sotirova Shopova under
.\" sponsorship from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 9, 2010
.Dt SNMP_USM 3
.Os
.Sh NAME
.Nm snmp_usm
.Nd "user-based security module for"
.Xr bsnmpd 1
.Sh LIBRARY
.Pq begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
.Sh DESCRIPTION
The
.Nm snmp_usm
module implements the SNMPv3 User-Based Security Model MIB as defined in RFC 3414.
The module is used to manage the internal list of SNMPv3 USM active users in
.Nm bsnmpd .
The module must be loaded for
.Nm bsnmpd
to receive and process SNMPv3 USM PDUs correctly.
.Sh IMPLEMENTATION NOTES
A short description of the objects in the MIB follows.
.Bl -tag -width "XXXXXXXXX"
.It Va usmStats
The subtree contains statistics for the User-based Security Model PDU processing.
The statistics are reset each time the module is loaded.
.It Va usmUserSpinLock
An advisory lock used to coordinate several Command Generator Applications when
altering the SNMP USM users.
.It Va usmUserTable
The table contains all SNMP USM users configured in
.Nm bsnmpd .
The table contains the following objects:
.Bl -tag -width ".It Va usmUserEngineID"
.It Va usmUserEngineID
An SNMP engine's administratively-unique identifier. Must be set to the same
Engine ID as
.Nm bsnmpd
so that the user will actually be allowed to communicate with the daemon.
The column is used as an entry key and is not accessible for GET or SET operations.
.It Va usmUserName
The USM user name. The second entry key, again not accessible for GET or SET
operations.
.It Va usmUserSecurityName
The column has exactly the same value as the
.Va usmUserName
column, but is accessible for GET operations.
.It Va usmUserCloneFrom
A GET on this column will return an empty OID. SET operations are currently not
supported.
.It Va usmUserAuthProtocol
The value of this column contains the OID corresponding to the authentication
protocol used by the USM user. The following protocols and their OIDs are known to the
.Nm
module:
.Bl -tag -width ".It Va NoAuthProtocol"
.It NoAuthProtocol 1.3.6.1.6.3.10.1.1.1
.It HMACMD5AuthProtocol 1.3.6.1.6.3.10.1.1.2
.It HMACSHAAuthProtocol 1.3.6.1.6.3.10.1.1.3
.El
.It Va usmUserAuthKeyChange , Va usmUserOwnAuthKeyChange
These columns may be used to change the user's authentication key.
.It Va usmUserPrivProtocol
The value of this column contains the OID corresponding to the privacy
protocol used by the USM user. The following protocols and their OIDs are known to the
.Nm
module:
.Bl -tag -width ".It Va NoPrivProtocol"
.It NoPrivProtocol 1.3.6.1.6.3.10.1.2.1
.It DESPrivProtocol 1.3.6.1.6.3.10.1.2.2
.It AesCfb128Protocol 1.3.6.1.6.3.10.1.2.4
.El
.It Va usmUserPrivKeyChange , Va usmUserOwnPrivKeyChange
These columns may be used to change the user's privacy key.
.It Va usmUserPublic
An arbitrary octet string that may be modified to confirm that a SET operation
on any of the columns was successful.
.It Va usmUserStorageType
This column always has one of two values. Entries created via
.Nm bsnmpd Ns 's
configuration file always have this column set to readOnly(5) and
it is not possible to modify those entries. Entries created by Command Generator
Applications always have this column set to volatile(2) and such entries are
lost when the module is restarted. A SET operation on this column is not
allowed.
.It Va usmUserStatus
This column is used to create new USM user entries or delete existing ones from
the table.
.El
.El
.Sh FILES
.Bl -tag -width "XXXXXXXXX"
.It Pa /usr/share/snmp/defs/usm_tree.def
The description of the MIB tree implemented by
.Nm .
.El
.Sh SEE ALSO
.Xr bsnmpd 1 ,
.Xr gensnmptree 1 ,
.Xr snmpmod 3
.Sh STANDARDS
IETF RFC 3414
.Sh AUTHORS
.An Shteryana Shopova Aq syrinx@FreeBSD.org