SNMP_USM(3) BSD Library Functions Manual SNMP_USM(3)NAME
snmp_usm -- user-based security module for bsnmpd(1)LIBRARY
(begemotSnmpdModulePath."usm" = /usr/lib/snmp_usm.so)
DESCRIPTION
The snmp_usm module implements SNMPv3 User-Based Security Model MIB as defined in RFC 3414. The module is used to manage the internal list
of SNMPv3 USM active users in bsnmpd. The module must be loaded for bsnmpd to receive and process SNMPv3 USM PDUs correctly.
IMPLEMENTATION NOTES
A short description of the objects in the MIB follows.
usmStats The subtree contains statistics for the User-based Security Model PDU processing. The statistics are reset each time the module
is loaded.
usmUserSpinLock
An advisory lock used to coordinate several Command Generator Applications when altering the SNMP USM users.
usmUserTable
The table contains all SNMP USM users configured in bsnmpd. The table contains the following objects
usmUserEngineID An SNMP engine's administratively-unique identifier. Must be set to the same Engine ID as bsnmpd so that the user
will actually be allowed to communicate with the daemon. The column is used as entry key and is not accessible
for GET or SET operations.
usmUserName The USM user name. The second entry key, again not accessible for GET or SET operations.
usmUserSecurityName
The column has the exact same value as the usmUserName column, however is accessible for GET operations.
usmUserCloneFrom
A GET on this column will return an empty OID. SET operations are currently not supported.
usmUserAuthProtocol
The value of this column contains the OID corresponding to the authentication protocol used by the USM user. The
following protocols and their OIDs are known to snmp_usm module
NoAuthProtocol 1.3.6.1.6.3.10.1.1.1
HMACMD5AuthProtocol 1.3.6.1.6.3.10.1.1.2
HMACSHAAuthProtocol 1.3.6.1.6.3.10.1.1.3
usmUserAuthKeyChange, usmUserOwnAuthKeyChange
These columns may be used to change the user's authentication key.
usmUserPrivProtocol
The value of this column contains the OID corresponding to the privacy protocol used by the USM user. The follow-
ing protocols and their OIDs are known to snmp_usm module
NoPrivProtocol 1.3.6.1.6.3.10.1.2.1
DESPrivProtoco 1.3.6.1.6.3.10.1.2.2
AesCfb128Protocol 1.3.6.1.6.3.10.1.2.4
usmUserPrivKeyChange, usmUserOwnPrivKeyChange
These columns may be used to change the user's privacy key.
usmUserPublic An arbitrary octet string that may be modified to confirm a SET operation on any of the columns was successful.
usmUserStorageType
This column always has either of two values. Entries created via bsnmpd's configuration file always have this
column set to readOnly (5) and it is not possible to modify those entries. Entries created by Command Generator
Applications always have this column set to volatile(2) and such entries are lost when the module is restarted. A
SET operation on this column is not allowed.
usmUserStatus This column is used to create new USM user entries or delete existing ones from the table.
FILES
/usr/share/snmp/defs/usm_tree.def
The description of the MIB tree implemented by snmp_usm.
SEE ALSO bsnmpd(1), gensnmptree(1), snmpmod(3)STANDARDS
IETF RFC 3414
AUTHORS
Shteryana Shopova <syrinx@FreeBSD.org>
BSD September 9, 2010 BSD
Check Out this Related Man Page
SNMP_TARGET(3) BSD Library Functions Manual SNMP_TARGET(3)NAME
snmp_target -- Target addresses and notifications module for bsnmpd(1)LIBRARY
(begemotSnmpdModulePath."target" = /usr/lib/snmp_target.so)
DESCRIPTION
The snmp_target module implements SNMPv3 Management Target MIB and basic functionality from Notification MIB as defined in RFC 3413. The mod-
ule is used to manage the internal list of SNMPv3 notification target addresses in bsnmpd and their associated transport and encapsulation
parameters. The module must be loaded for bsnmpd to send SNMPv3 Trap-PDUs to the configured notification target addresses.
IMPLEMENTATION NOTES
A short description of the objects implemented in the module follows.
snmpTargetSpinLock
An advisory lock used to coordinate several Command Generator Applications when altering the SNMP Target addresses and their asso-
ciated parameters.
snmpTargetAddrTable
The table contains the transport addresses to be used in generation of SNMP messages. The table contains the following objects
snmpTargetAddrName A unique local identifier used as entry key. Not accessible for GET or SET operations.
snmpTargetAddrTDomain
The transport domain of the target address. Currently only UDP over IPv4 is supported and any attempt to SET
the value of this object will return an "inconsistentValue" error. Additional transport domains will be sup-
ported in future via the object definitions in TRANSPORT-ADDRESS-MIB (RFC 3419).
snmpTargetAddrTAddress
The transport address of this entry interpreted within the context of the value of snmpTargetAddrTDomain. For
UDP over IPv4, this is a 6-byte long octetstring, with the first 4 bytes representing the IPv4 address and the
last 2 bytes the UDP port number in network-byte order.
snmpTargetAddrTimeout
The value of this object is only relevant when the receiver of the SNMP message is to send an acknowledgment
that the message was received, i.e for SNMP notifications it is relevant if the notification is SNMP Inform
rather than SNMP Trap. Currently bsnmpd supports only SNMP Trap notifications, so the value of this object is
meaningless.
snmpTargetAddrRetryCount
As with snmpTargetAddrTimeout the value of this object currently is meaningless.
snmpTargetAddrTagList
A list of human-readable tag values used to select target addresses for a particular operation. Recognized
ASCII delimiting characters between tags are space (0x20), tab (0x20), carriage return (0xOD) and line feed
(0x0A).
snmpTargetAddrParams
The value of this object contains the value of a key in snmpTargetParamsTable containing SNMP parameters used
when generating messages to this transport address.
snmpTargetAddrStorageType
This column always has either of two values. Entries created via bsnmpd's configuration file always have this
column set to readOnly (5) and it is not possible to modify those entries. Entries created by Command Genera-
tor Applications always have this column set to volatile(2) and such entries are lost when the module is
restarted. A SET operation on this column is not allowed.
snmpTargetAddrRowStatus
This column is used to create new target address entries or delete existing ones from the table.
snmpTargetParamsTable
The table contains the target information to be used in generation of SNMP messages. The table contains the following objects
snmpTargetParamsName A unique local identifier used as entry key. Not accessible for GET or SET operations.
snmpTargetParamsMPModel
The Message Processing Model to be used when generating SNMP PDUs using this entry. Supported values are 0
for SNMPv1, 1 for SNMPv2c and 3 for SNMPv3.
snmpTargetParamsSecurityModel
The Security Model to be used when generating SNMP PDUs using this entry. Supported values are 1 for
SNMPv1, 2 for SNMPv2c and 3 for SNMPv3 User-Based Security Model.
snmpTargetParamsSecurityName
The securityName which identifies the Principal on whose behalf SNMP PDUs will be generated using this
entry. For SNMPv1 and SNMPv2c this is the name of a community configured in bsnmpd, and for SNMPv3 USM, this
is the name of an existing user configured via the snmp_usm module.
snmpTargetParamsSecurityLevel
The Security Level to be used when generating SNMP PDUs using this entry. Supported values are noAuthNo-
Priv(1) for plain-text PDUs with no authentication, authNoPriv(2) for authenticated plain-text PDUs and
authPriv(3) for encrypted PDUs.
snmpTargetParamsStorageType
As with snmpTargetAddrStorageType this column always has either of two values. Entries created via bsnmpd's
configuration file always have this column set to readOnly (5), while entries created by Command Generator
Applications always have this column set to volatile(2). A SET operation on this column is not allowed.
snmpTargetParamsRowStatus
This column is used to create new target address parameters entries or delete existing ones from the table.
snmpNotifyTable
The table is used to select the management targets which should receive SNMP notifications. The table contains the following
objects
snmpNotifyName A unique local identifier used as entry key. Not accessible for GET or SET operations.
snmpNotifyTag This object contains a single tag value used to select target addresses from the snmpTargetAddrTable to which the
notifications will be send.
snmpNotifyType The type of SNMP notifications that will be send to the target addresses matching the corresponding snmpNotifyTag.
Possible values are Trap (1) or Inform (2). Currently only SNMP Traps are supported and any attempt to SET the
value of this object will return an "inconsistentValue" error.
snmpNotifyStorageType
Again this column always has either of two values. Entries created via bsnmpd's configuration file always have
this column set to readOnly (5), while entries created by Command Generator Applications always have this column
set to volatile(2). A SET operation on this column is not allowed.
snmpNotifyRowStatus
This column is used to create new notification target entries or delete existing ones from the table.
The snmpNotifyFilterProfileTable and snmpNotifyFilterTable tables from the SNMP-NOTIFICATION-MIB are not supported by the module. Notifica-
tion filtering is supported via the snmp_vacm(3) module instead.
FILES
/usr/share/snmp/defs/target_tree.def
The description of the MIB tree implemented by snmp_target.
SEE ALSO bsnmpd(1), gensnmptree(1), snmpmod(3), snmp_usm(3), snmp_vacm(3)STANDARDS
IETF RFC 3413
AUTHORS
Shteryana Shopova <syrinx@FreeBSD.org>
BSD December 16, 2010 BSD