👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

RedHat 9 (Linux i386) - man page for snmpusm (redhat section 1)

SNMPUSM(1)				     Net-SNMP				       SNMPUSM(1)

NAME
       snmpusm - creates and maintains SNMPv3 users on a remote entity.

SYNOPSIS
       snmpusm [COMMON OPTIONS] create USER [CLONEFROM-USER]
       snmpusm [COMMON OPTIONS] delete USER
       snmpusm [COMMON OPTIONS] cloneFrom USER CLONEFROM-USER
       snmpusm [COMMON OPTIONS] [-Co] [-Ca] [-Cx] passwd OLD-PASSPHRASE NEW-PASSPHRASE

DESCRIPTION
       snmpusm is an SNMP application that can be used to do simple maintenance on a SNMP agent's
       User-based Security Module (USM) table.	You can create, delete,  clone,  and  change  the
       passphrase of users configured on a running SNMP agent.

       The  SNMPv3 USM specifications (see RFC2574) dictate that users are created and maintained
       by adding and modifying rows to the usmUserTable MIB table.  To create a new user you sim-
       ply  create  the  row  using snmpset.  User's profiles contain private keys that are never
       transmitted over the wire in clear text (regardless of whether the administration requests
       are encrypted or not).

       The secret key for a user is initially set by cloning another user in the table, so that a
       new user inherits the cloned user's secret key.	A user can only be cloned once,  however,
       after  which  they must be deleted and re-created to be re-cloned.  The authentication and
       privacy security types are also inherited during this cloning (e.g., MD5  vs.  SHA1).   To
       change  the  secret key for a user, you must know the user's old passphrase as well as the
       new one.  The passwd sub-command of the snmpusm command, therefore, requires both the  new
       and the old pass-phrases to be supplied.  After cloning from the appropriate template, you
       should immediately change the new users passphrase.

       The Net-SNMP agent must first be initialized so that at least one  user	is  setup  in  it
       before  you  can use this command to clone new ones.  See the snmpd.conf(5) manual page on
       the createUser configuration parameter.

EXAMPLES
       Let's assume for our examples that the following VACM and USM configurations lines were in
       the  snmpd.conf file for a Net-SNMP agent.  These lines set up a default user called "ini-
       tial" with the authentication passphrase "setup_passphrase" so that  we	can  perform  the
       initial setup of an agent:

	      # VACM configuration entries
	      rwuser initial
	      # lets add the new user we'll create too:
	      rwuser wes
	      # USM configuration entries
	      createUser initial MD5 setup_passphrase DES

       Note:  the  "initial"  user's  setup should be removed after creating a real user that you
       grant administrative privileges to (like the user "wes" we'll be creating in this example.

       Note: passphrases must be 8 characters minimum in length.

   Create a new user
       snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase localhost create wes
       initial

	      Creates  a  new user, here named "wes" using the user "initial" to do it.  "wes" is
	      cloned from "initial" in the process, so he inherits that user's passphrase  ("set-
	      up_passphrase").

   Change the user's passphrase
       snmpusm	-v  3 -u wes -n "" -l authNoPriv -a MD5 -A setup_passphrase localhost passwd set-
       up_passphrase new_passphrase

	      After creating the user "wes" with the same passphrase as the  "initial"	user,  we
	      need  to	change	his  passphrase for him.  The above command changes it from "set-
	      up_passphrase", which was inherited from the initial user, to "new_passphrase".

   Test the new user
       snmpget -v 3 -u wes -n "" -l authNoPriv -a MD5 -A new_passphrase localhost sysUpTime.0

	      If the above commands were successful, this command should have properly	performed
	      an authenticated SNMPv3 GET request to the agent.

       Now,  go  remove  the  vacm "group" snmpd.conf entry for the "initial" user and you have a
       valid user 'wes' that you can use for future transactions instead of initial.

SEE ALSO
       snmpd.conf(5), snmp.conf(5), RFC 2574

4th Berkeley Distribution		   08 Feb 2002				       SNMPUSM(1)


All times are GMT -4. The time now is 06:45 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password