.\"-
.\" Copyright (C) 2010 The FreeBSD Foundation
.\"
.\" This documentation was written by Shteryana Sotirova Shopova under
.\" sponsorship from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 9, 2010
.Dt SNMP_USM 3
.Os
.Sh NAME
.Nm snmp_usm
.Nd "user-based security module for"
.Xr bsnmpd 1
.Sh LIBRARY
.Pq begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
.Sh DESCRIPTION
The
.Nm snmp_usm
module implements SNMPv3 User-Based Security Model MIB as defined in RFC 3414.
The module is used to manage the internal list of SNMPv3 USM active users in
.Nm bsnmpd .
The module must be loaded for
.Nm bsnmpd
to receive and process SNMPv3 USM PDUs correctly.
.Sh IMPLEMENTATION NOTES
A short description of the objects in the MIB follows.
.Bl -tag -width "XXXXXXXXX"
.It Va usmStats
The subtree contains statistics for the User-based Security Model PDU processing.
The statistics are reset each time the module is loaded.
.It Va usmUserSpinLock
An advisory lock used to coordinate several Command Generator Applications when
altering the SNMP USM users.
.It Va usmUserTable
The table contains all SNMP USM users configured in
.Nm bsnmpd .
The table contains the following objects:
.Bl -tag -width ".It Va usmUserEngineID"
.It Va usmUserEngineID
An SNMP engine's administratively-unique identifier. Must be set to the same
Engine ID as
.Nm bsnmpd
so that the user will actually be allowed to communicate with the daemon.
The column is used as entry key and is not accessible for GET or SET operations.
.It Va usmUserName
The USM user name. The second entry key, again not accessible for GET or SET
operations.
.It Va usmUserSecurityName
The column has the exact same value as the
.Va usmUserName
column, but is accessible for GET operations.
.It Va usmUserCloneFrom
A GET on this column will return an empty OID. SET operations are currently not
supported.
.It Va usmUserAuthProtocol
The value of this column contains the OID corresponding to the authentication
protocol used by the USM user. The following protocols and their OIDs are known to
.Nm
module:
.Bl -tag -width ".It Va NoAuthProtocol"
.It NoAuthProtocol 1.3.6.1.6.3.10.1.1.1
.It HMACMD5AuthProtocol 1.3.6.1.6.3.10.1.1.2
.It HMACSHAAuthProtocol 1.3.6.1.6.3.10.1.1.3
.El
.It Va usmUserAuthKeyChange , Va usmUserOwnAuthKeyChange
These columns may be used to change the user's authentication key.
.It Va usmUserPrivProtocol
The value of this column contains the OID corresponding to the privacy
protocol used by the USM user. The following protocols and their OIDs are known to
.Nm
module:
.Bl -tag -width ".It Va NoPrivProtocol"
.It NoPrivProtocol 1.3.6.1.6.3.10.1.2.1
.It DESPrivProtocol 1.3.6.1.6.3.10.1.2.2
.It AesCfb128Protocol 1.3.6.1.6.3.10.1.2.4
.El
.It Va usmUserPrivKeyChange , Va usmUserOwnPrivKeyChange
These columns may be used to change the user's privacy key.
.It Va usmUserPublic
An arbitrary octet string that may be modified to confirm a SET operation on any
of the columns was successful.
.It Va usmUserStorageType
This column always has either of two values. Entries created via
.Nm bsnmpd's
configuration file always have this column set to readOnly(5) and
it is not possible to modify those entries. Entries created by Command Generator
Applications always have this column set to volatile(2) and such entries are
lost when the module is restarted. A SET operation on this column is not
allowed.
.It Va usmUserStatus
This column is used to create new USM user entries or delete existing ones from
the table.
.El
.El
.Sh FILES
.Bl -tag -width "XXXXXXXXX"
.It Pa /usr/share/snmp/defs/usm_tree.def
The description of the MIB tree implemented by
.Nm .
.El
.Sh SEE ALSO
.Xr bsnmpd 1 ,
.Xr gensnmptree 1 ,
.Xr snmpmod 3
.Sh STANDARDS
IETF RFC 3414
.Sh AUTHORS
.An Shteryana Shopova Aq syrinx@FreeBSD.org
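An added example, not part of this manual page or of the bsnmpd sources: the value written to usmUserAuthKeyChange follows the KeyChange textual convention of RFC 3414, so the new key never crosses the wire in the clear. The sketch below covers only the two keyed authentication protocols listed above; the function names are hypothetical and the keys are constructed sample bytes.

```python
import hashlib
import os

# Authentication protocol OIDs from the table above, mapped to the hash used
# for KeyChange and the fixed key length L in octets.
AUTH_PROTOCOLS = {
    "1.3.6.1.6.3.10.1.1.2": (hashlib.md5, 16),   # HMACMD5AuthProtocol
    "1.3.6.1.6.3.10.1.1.3": (hashlib.sha1, 20),  # HMACSHAAuthProtocol
}


def _lookup(auth_oid):
    # NoAuthProtocol (and any unknown OID) has no key, so nothing to change.
    if auth_oid not in AUTH_PROTOCOLS:
        raise ValueError("no keyed authentication protocol for OID " + auth_oid)
    return AUTH_PROTOCOLS[auth_oid]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encode_key_change(auth_oid, key_old, key_new, random=None):
    """Requester side: build the 2*L octet value random || delta."""
    hash_fn, length = _lookup(auth_oid)
    if len(key_old) != length or len(key_new) != length:
        raise ValueError("keys must be exactly %d octets" % length)
    if random is None:
        random = os.urandom(length)
    if len(random) != length:
        raise ValueError("random component must be %d octets" % length)
    # delta = hash(keyOld || random) XOR keyNew
    delta = _xor(hash_fn(key_old + random).digest(), key_new)
    return random + delta


def decode_key_change(auth_oid, key_old, value):
    """Agent side: recover keyNew from the received value and the stored keyOld."""
    hash_fn, length = _lookup(auth_oid)
    if len(key_old) != length or len(value) != 2 * length:
        raise ValueError("expected a %d octet KeyChange value" % (2 * length))
    random, delta = value[:length], value[length:]
    return _xor(hash_fn(key_old + random).digest(), delta)


if __name__ == "__main__":
    old = bytes(range(16))        # constructed sample localized key
    new = bytes(range(16, 32))    # constructed sample replacement key
    value = encode_key_change("1.3.6.1.6.3.10.1.1.2", old, new)
    print(value.hex(), decode_key_change("1.3.6.1.6.3.10.1.1.2", old, value) == new)
```

Only a party that already holds the old key can recover the new one, which is why a key that has been disclosed should be replaced out of band rather than through these columns.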