Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

snmp_usm(3) [freebsd man page]

SNMP_USM(3)						   BSD Library Functions Manual 					       SNMP_USM(3)

NAME

     snmp_usm -- user-based security module for bsnmpd(1)

LIBRARY

     (begemotSnmpdModulePath."usm" = /usr/lib/snmp_usm.so)

DESCRIPTION

     The snmp_usm module implements SNMPv3 User-Based Security Model MIB as defined in RFC 3414.  The module is used to manage the internal list
     of SNMPv3 USM active users in bsnmpd.  The module must be loaded for bsnmpd to receive and process SNMPv3 USM PDUs correctly.

IMPLEMENTATION NOTES

     A short description of the objects in the MIB follows.

     usmStats	The subtree contains statistics for the User-based Security Model PDU processing.  The statistics are reset each time the module
		is loaded.

     usmUserSpinLock
		An advisory lock used to coordinate several Command Generator Applications when altering the SNMP USM users.

     usmUserTable
		The table contains all SNMP USM users configured in bsnmpd.  The table contains the following objects

		usmUserEngineID  An SNMP engine's administratively-unique identifier. Must be set to the same Engine ID as bsnmpd so that the user
				 will actually be allowed to communicate with the daemon.  The column is used as entry key and is not accessible
				 for GET or SET operations.

		usmUserName	 The USM user name. The second entry key, again not accessible for GET or SET operations.

		usmUserSecurityName
				 The column has the exact same value as the usmUserName column, however is accessible for GET operations.

		usmUserCloneFrom
				 A GET on this column will return an empty OID. SET operations are currently not supported.

		usmUserAuthProtocol
				 The value of this column contains the OID corresponding to the authentication protocol used by the USM user. The
				 following protocols and their OIDs are known to snmp_usm module

				 NoAuthProtocol 1.3.6.1.6.3.10.1.1.1

				 HMACMD5AuthProtocol 1.3.6.1.6.3.10.1.1.2

				 HMACSHAAuthProtocol 1.3.6.1.6.3.10.1.1.3

		usmUserAuthKeyChange, usmUserOwnAuthKeyChange
				 These columns may be used to change the user's authentication key.

		usmUserPrivProtocol
				 The value of this column contains the OID corresponding to the privacy protocol used by the USM user. The follow-
				 ing protocols and their OIDs are known to snmp_usm module

				 NoPrivProtocol 1.3.6.1.6.3.10.1.2.1

				 DESPrivProtoco 1.3.6.1.6.3.10.1.2.2

				 AesCfb128Protocol 1.3.6.1.6.3.10.1.2.4

		usmUserPrivKeyChange, usmUserOwnPrivKeyChange
				 These columns may be used to change the user's privacy key.

		usmUserPublic	 An arbitrary octet string that may be modified to confirm a SET operation on any of the columns was successful.

		usmUserStorageType
				 This column always has either of two values. Entries created via bsnmpd's configuration file always have this
				 column set to readOnly (5) and it is not possible to modify those entries. Entries created by Command Generator
				 Applications always have this column set to volatile(2) and such entries are lost when the module is restarted. A
				 SET operation on this column is not allowed.

		usmUserStatus	 This column is used to create new USM user entries or delete existing ones from the table.

FILES

     /usr/share/snmp/defs/usm_tree.def
		The description of the MIB tree implemented by snmp_usm.

SEE ALSO

     bsnmpd(1), gensnmptree(1), snmpmod(3)

STANDARDS

     IETF RFC 3414

AUTHORS

     Shteryana Shopova <syrinx@FreeBSD.org>

BSD
								 September 9, 2010							       BSD

Check Out this Related Man Page

SNMP_BRIDGE(3)						   BSD Library Functions Manual 					    SNMP_BRIDGE(3)

NAME

     snmp_bridge -- bridge module for snmpd

LIBRARY

     (begemotSnmpdModulePath."bridge" = /usr/lib/snmp_bridge.so)

DESCRIPTION

     The snmp_bridge module implements the BRIDGE-MIB as standardized in RFC 4188, the RSTP-MIB standardized in RFC4318 and a private BEGEMOT-
     BRIDGE-MIB, which allows management of multiple bridge interfaces.  Most of the objects defined in the private BEGEMOT-BRIDGE-MIB are dupli-
     cates of the original objects defined by the standard BRIDGE-MIB, but the private MIB also defines additional objects which make the func-
     tionality of snmp_bridge similar to ifconfig(8) for configuring bridge interfaces.  Therefore one should consider adding write communities or
     loading the snmp_bridge module on systems where security is crucial.

IMPLEMENTATION NOTES

     The additional objects to configure a bridge are:

     begemotBridgeBaseStatus
		Bridge interfaces can be created and destroyed via this object.  SNMP SET operations with the following values are allowed:

		createAndWait  will attempt to create a bridge interface with the name given by the table index.

		createAndGo    will attempt to create a bridge interface with the name given by the table index and set the status of the inter-
			       face to "active/up".

		destroy        will attempt to destroy the bridge interface.

     begemotBridgeBaseSpanEnabled
		A SNMP SET operation on this object is only successful if the corresponding port has not been added as member of the bridge inter-
		face on the system.

     begemotBridgeBasePortStatus
		SNMP SET operations with the following values are allowed:

		createAndWait  will create a new row for the bridge member in the SNMP begemotBridgeBasePortTable but will not try to commit the
			       information to the system.

		active	       will attempt to commit the information to the system and will be successful only if a value for
			       begemotBridgeBaseSpanEnabled has been SET already.

		destroy        will attempt to remove the interface from the system bridge interface.

     begemotBridgeBasePortPrivate
		This object controls a bridge interface flag called PRIVATE where any private port can not communicate with another private port.

RESTRICTIONS

     Not all information in the MIBs is currently available in FreeBSD.  The following variables carry no information:

     dot1dBasePortCircuit

     dot1dBasePortDelayExceededDiscards

     dot1dBasePortMtuExceededDiscards

     begemotBridgeBasePortDelayExceededDiscards

     begemotBridgeBasePortMtuExceededDiscards

FILES

     /usr/share/snmp/defs/bridge_tree.def
		The description of the MIB tree implemented by snmp_bridge.

     /usr/share/snmp/mibs/BRIDGE-MIB.txt
		This is the BRIDGE-MIB that is implemented by this module.

     /usr/share/snmp/mibs/RSTP-MIB.txt
		This is the RSTP-MIB implemented by this module.

     /usr/share/snmp/mibs/BEGEMOT-BRIDGE-MIB.txt
		This is the private BEGEMOT-BRIDGE-MIB that is implemented by this module.

SEE ALSO

     bsnmpd(1), gensnmptree(1), snmpmod(3), if_bridge(4), ifconfig(8)

AUTHORS

     Shteryana Shopova <syrinx@FreeBSD.org>

BSD
								  August 6, 2007							       BSD
Man Page