Blame mibs/ietf/SNMP-USER-BASED-SM-MIB

Packit 022b05
SNMP-USER-BASED-SM-MIB DEFINITIONS ::= BEGIN
Packit 022b05
Packit 022b05
IMPORTS
Packit 022b05
    MODULE-IDENTITY, OBJECT-TYPE,
Packit 022b05
    OBJECT-IDENTITY,
Packit 022b05
    snmpModules, Counter32                FROM SNMPv2-SMI
Packit 022b05
    TEXTUAL-CONVENTION, TestAndIncr,
Packit 022b05
    RowStatus, RowPointer,
Packit 022b05
    StorageType, AutonomousType           FROM SNMPv2-TC
Packit 022b05
    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
Packit 022b05
    SnmpAdminString, SnmpEngineID,
Packit 022b05
    snmpAuthProtocols, snmpPrivProtocols  FROM SNMP-FRAMEWORK-MIB;
Packit 022b05
Packit 022b05
snmpUsmMIB MODULE-IDENTITY
Packit 022b05
    LAST-UPDATED "200210160000Z"            -- 16 Oct 2002, midnight
Packit 022b05
    ORGANIZATION "SNMPv3 Working Group"
Packit 022b05
    CONTACT-INFO "WG-email:   snmpv3@lists.tislabs.com
Packit 022b05
                  Subscribe:  majordomo@lists.tislabs.com
Packit 022b05
                              In msg body:  subscribe snmpv3
Packit 022b05
Packit 022b05
                  Chair:      Russ Mundy
Packit 022b05
                              Network Associates Laboratories
Packit 022b05
                  postal:     15204 Omega Drive, Suite 300
Packit 022b05
                              Rockville, MD 20850-4601
Packit 022b05
                              USA
Packit 022b05
                  email:      mundy@tislabs.com
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                  phone:      +1 301-947-7107
Packit 022b05
Packit 022b05
                  Co-Chair:   David Harrington
Packit 022b05
                              Enterasys Networks
Packit 022b05
                  Postal:     35 Industrial Way
Packit 022b05
                              P. O. Box 5004
Packit 022b05
                              Rochester, New Hampshire 03866-5005
Packit 022b05
                              USA
Packit 022b05
                  EMail:      dbh@enterasys.com
Packit 022b05
                  Phone:      +1 603-337-2614
Packit 022b05
Packit 022b05
                  Co-editor   Uri Blumenthal
Packit 022b05
                              Lucent Technologies
Packit 022b05
                  postal:     67 Whippany Rd.
Packit 022b05
                              Whippany, NJ 07981
Packit 022b05
                              USA
Packit 022b05
                  email:      uri@lucent.com
Packit 022b05
                  phone:      +1-973-386-2163
Packit 022b05
Packit 022b05
                  Co-editor:  Bert Wijnen
Packit 022b05
                              Lucent Technologies
Packit 022b05
                  postal:     Schagen 33
Packit 022b05
                              3461 GL Linschoten
Packit 022b05
                              Netherlands
Packit 022b05
                  email:      bwijnen@lucent.com
Packit 022b05
                  phone:      +31-348-480-685
Packit 022b05
                 "
Packit 022b05
    DESCRIPTION  "The management information definitions for the
Packit 022b05
                  SNMP User-based Security Model.
Packit 022b05
Packit 022b05
                  Copyright (C) The Internet Society (2002). This
Packit 022b05
                  version of this MIB module is part of RFC 3414;
Packit 022b05
                  see the RFC itself for full legal notices.
Packit 022b05
                 "
Packit 022b05
--  Revision history
Packit 022b05
Packit 022b05
    REVISION     "200210160000Z"          -- 16 Oct 2002, midnight
Packit 022b05
    DESCRIPTION  "Changes in this revision:
Packit 022b05
                  - Updated references and contact info.
Packit 022b05
                  - Clarification to usmUserCloneFrom DESCRIPTION
Packit 022b05
                    clause
Packit 022b05
                  - Fixed 'command responder' into 'command generator'
Packit 022b05
                    in last para of DESCRIPTION clause of
Packit 022b05
                    usmUserTable.
Packit 022b05
                  This revision published as RFC3414.
Packit 022b05
                 "
Packit 022b05
    REVISION     "199901200000Z"          -- 20 Jan 1999, midnight
Packit 022b05
    DESCRIPTION  "Clarifications, published as RFC2574"
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
    REVISION     "199711200000Z"          -- 20 Nov 1997, midnight
Packit 022b05
    DESCRIPTION  "Initial version, published as RFC2274"
Packit 022b05
Packit 022b05
    ::= { snmpModules 15 }
Packit 022b05
Packit 022b05
-- Administrative assignments ****************************************
Packit 022b05
Packit 022b05
usmMIBObjects     OBJECT IDENTIFIER ::= { snmpUsmMIB 1 }
Packit 022b05
usmMIBConformance OBJECT IDENTIFIER ::= { snmpUsmMIB 2 }
Packit 022b05
Packit 022b05
-- Identification of Authentication and Privacy Protocols ************
Packit 022b05
Packit 022b05
usmNoAuthProtocol OBJECT-IDENTITY
Packit 022b05
    STATUS        current
Packit 022b05
    DESCRIPTION  "No Authentication Protocol."
Packit 022b05
    ::= { snmpAuthProtocols 1 }
Packit 022b05
Packit 022b05
usmHMACMD5AuthProtocol OBJECT-IDENTITY
Packit 022b05
    STATUS        current
Packit 022b05
    DESCRIPTION  "The HMAC-MD5-96 Digest Authentication Protocol."
Packit 022b05
    REFERENCE    "- H. Krawczyk, M. Bellare, R. Canetti HMAC:
Packit 022b05
                    Keyed-Hashing for Message Authentication,
Packit 022b05
                    RFC2104, Feb 1997.
Packit 022b05
                  - Rivest, R., Message Digest Algorithm MD5, RFC1321.
Packit 022b05
                 "
Packit 022b05
    ::= { snmpAuthProtocols 2 }
Packit 022b05
Packit 022b05
usmHMACSHAAuthProtocol OBJECT-IDENTITY
Packit 022b05
    STATUS        current
Packit 022b05
    DESCRIPTION  "The HMAC-SHA-96 Digest Authentication Protocol."
Packit 022b05
    REFERENCE    "- H. Krawczyk, M. Bellare, R. Canetti, HMAC:
Packit 022b05
                    Keyed-Hashing for Message Authentication,
Packit 022b05
                    RFC2104, Feb 1997.
Packit 022b05
                  - Secure Hash Algorithm. NIST FIPS 180-1.
Packit 022b05
                 "
Packit 022b05
    ::= { snmpAuthProtocols 3 }
Packit 022b05
Packit 022b05
usmNoPrivProtocol OBJECT-IDENTITY
Packit 022b05
    STATUS        current
Packit 022b05
    DESCRIPTION  "No Privacy Protocol."
Packit 022b05
    ::= { snmpPrivProtocols 1 }
Packit 022b05
Packit 022b05
usmDESPrivProtocol OBJECT-IDENTITY
Packit 022b05
    STATUS        current
Packit 022b05
    DESCRIPTION  "The CBC-DES Symmetric Encryption Protocol."
Packit 022b05
    REFERENCE    "- Data Encryption Standard, National Institute of
Packit 022b05
                    Standards and Technology.  Federal Information
Packit 022b05
                    Processing Standard (FIPS) Publication 46-1.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                    Supersedes FIPS Publication 46,
Packit 022b05
                    (January, 1977; reaffirmed January, 1988).
Packit 022b05
Packit 022b05
                  - Data Encryption Algorithm, American National
Packit 022b05
                    Standards Institute.  ANSI X3.92-1981,
Packit 022b05
                    (December, 1980).
Packit 022b05
Packit 022b05
                  - DES Modes of Operation, National Institute of
Packit 022b05
                    Standards and Technology.  Federal Information
Packit 022b05
                    Processing Standard (FIPS) Publication 81,
Packit 022b05
                    (December, 1980).
Packit 022b05
Packit 022b05
                  - Data Encryption Algorithm - Modes of Operation,
Packit 022b05
                    American National Standards Institute.
Packit 022b05
                    ANSI X3.106-1983, (May 1983).
Packit 022b05
                 "
Packit 022b05
    ::= { snmpPrivProtocols 2 }
Packit 022b05
Packit 022b05
-- Textual Conventions ***********************************************
Packit 022b05
Packit 022b05
KeyChange ::=     TEXTUAL-CONVENTION
Packit 022b05
   STATUS         current
Packit 022b05
   DESCRIPTION
Packit 022b05
         "Every definition of an object with this syntax must identify
Packit 022b05
          a protocol P, a secret key K, and a hash algorithm H
Packit 022b05
          that produces output of L octets.
Packit 022b05
Packit 022b05
          The object's value is a manager-generated, partially-random
Packit 022b05
          value which, when modified, causes the value of the secret
Packit 022b05
          key K, to be modified via a one-way function.
Packit 022b05
Packit 022b05
          The value of an instance of this object is the concatenation
Packit 022b05
          of two components: first a 'random' component and then a
Packit 022b05
          'delta' component.
Packit 022b05
Packit 022b05
          The lengths of the random and delta components
Packit 022b05
          are given by the corresponding value of the protocol P;
Packit 022b05
          if P requires K to be a fixed length, the length of both the
Packit 022b05
          random and delta components is that fixed length; if P
Packit 022b05
          allows the length of K to be variable up to a particular
Packit 022b05
          maximum length, the length of the random component is that
Packit 022b05
          maximum length and the length of the delta component is any
Packit 022b05
          length less than or equal to that maximum length.
Packit 022b05
          For example, usmHMACMD5AuthProtocol requires K to be a fixed
Packit 022b05
          length of 16 octets and L - of 16 octets.
Packit 022b05
          usmHMACSHAAuthProtocol requires K to be a fixed length of
Packit 022b05
          20 octets and L - of 20 octets. Other protocols may define
Packit 022b05
          other sizes, as deemed appropriate.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
          When a requester wants to change the old key K to a new
Packit 022b05
          key keyNew on a remote entity, the 'random' component is
Packit 022b05
          obtained from either a true random generator, or from a
Packit 022b05
          pseudorandom generator, and the 'delta' component is
Packit 022b05
          computed as follows:
Packit 022b05
Packit 022b05
           - a temporary variable is initialized to the existing value
Packit 022b05
             of K;
Packit 022b05
           - if the length of the keyNew is greater than L octets,
Packit 022b05
             then:
Packit 022b05
              - the random component is appended to the value of the
Packit 022b05
                temporary variable, and the result is input to the
Packit 022b05
                the hash algorithm H to produce a digest value, and
Packit 022b05
                the temporary variable is set to this digest value;
Packit 022b05
              - the value of the temporary variable is XOR-ed with
Packit 022b05
                the first (next) L-octets (16 octets in case of MD5)
Packit 022b05
                of the keyNew to produce the first (next) L-octets
Packit 022b05
                (16 octets in case of MD5) of the 'delta' component.
Packit 022b05
              - the above two steps are repeated until the unused
Packit 022b05
                portion of the keyNew component is L octets or less,
Packit 022b05
           - the random component is appended to the value of the
Packit 022b05
             temporary variable, and the result is input to the
Packit 022b05
             hash algorithm H to produce a digest value;
Packit 022b05
           - this digest value, truncated if necessary to be the same
Packit 022b05
             length as the unused portion of the keyNew, is XOR-ed
Packit 022b05
             with the unused portion of the keyNew to produce the
Packit 022b05
             (final portion of the) 'delta' component.
Packit 022b05
Packit 022b05
           For example, using MD5 as the hash algorithm H:
Packit 022b05
Packit 022b05
              iterations = (lenOfDelta - 1)/16; /* integer division */
Packit 022b05
              temp = keyOld;
Packit 022b05
              for (i = 0; i < iterations; i++) {
Packit 022b05
                  temp = MD5 (temp || random);
Packit 022b05
                  delta[i*16 .. (i*16)+15] =
Packit 022b05
                         temp XOR keyNew[i*16 .. (i*16)+15];
Packit 022b05
              }
Packit 022b05
              temp = MD5 (temp || random);
Packit 022b05
              delta[i*16 .. lenOfDelta-1] =
Packit 022b05
                     temp XOR keyNew[i*16 .. lenOfDelta-1];
Packit 022b05
Packit 022b05
          The 'random' and 'delta' components are then concatenated as
Packit 022b05
          described above, and the resulting octet string is sent to
Packit 022b05
          the recipient as the new value of an instance of this object.
Packit 022b05
Packit 022b05
          At the receiver side, when an instance of this object is set
Packit 022b05
          to a new value, then a new value of K is computed as follows:
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
           - a temporary variable is initialized to the existing value
Packit 022b05
             of K;
Packit 022b05
           - if the length of the delta component is greater than L
Packit 022b05
             octets, then:
Packit 022b05
              - the random component is appended to the value of the
Packit 022b05
                temporary variable, and the result is input to the
Packit 022b05
                hash algorithm H to produce a digest value, and the
Packit 022b05
                temporary variable is set to this digest value;
Packit 022b05
              - the value of the temporary variable is XOR-ed with
Packit 022b05
                the first (next) L-octets (16 octets in case of MD5)
Packit 022b05
                of the delta component to produce the first (next)
Packit 022b05
                L-octets (16 octets in case of MD5) of the new value
Packit 022b05
                of K.
Packit 022b05
              - the above two steps are repeated until the unused
Packit 022b05
                portion of the delta component is L octets or less,
Packit 022b05
           - the random component is appended to the value of the
Packit 022b05
             temporary variable, and the result is input to the
Packit 022b05
             hash algorithm H to produce a digest value;
Packit 022b05
           - this digest value, truncated if necessary to be the same
Packit 022b05
             length as the unused portion of the delta component, is
Packit 022b05
             XOR-ed with the unused portion of the delta component to
Packit 022b05
             produce the (final portion of the) new value of K.
Packit 022b05
Packit 022b05
           For example, using MD5 as the hash algorithm H:
Packit 022b05
Packit 022b05
              iterations = (lenOfDelta - 1)/16; /* integer division */
Packit 022b05
              temp = keyOld;
Packit 022b05
              for (i = 0; i < iterations; i++) {
Packit 022b05
                  temp = MD5 (temp || random);
Packit 022b05
                  keyNew[i*16 .. (i*16)+15] =
Packit 022b05
                         temp XOR delta[i*16 .. (i*16)+15];
Packit 022b05
              }
Packit 022b05
              temp = MD5 (temp || random);
Packit 022b05
              keyNew[i*16 .. lenOfDelta-1] =
Packit 022b05
                     temp XOR delta[i*16 .. lenOfDelta-1];
Packit 022b05
Packit 022b05
          The value of an object with this syntax, whenever it is
Packit 022b05
          retrieved by the management protocol, is always the zero
Packit 022b05
          length string.
Packit 022b05
Packit 022b05
          Note that the keyOld and keyNew are the localized keys.
Packit 022b05
Packit 022b05
          Note that it is probably wise that when an SNMP entity sends
Packit 022b05
          a SetRequest to change a key, that it keeps a copy of the old
Packit 022b05
          key until it has confirmed that the key change actually
Packit 022b05
          succeeded.
Packit 022b05
         "
Packit 022b05
    SYNTAX       OCTET STRING
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
-- Statistics for the User-based Security Model **********************
Packit 022b05
Packit 022b05
Packit 022b05
usmStats         OBJECT IDENTIFIER ::= { usmMIBObjects 1 }
Packit 022b05
Packit 022b05
Packit 022b05
usmStatsUnsupportedSecLevels OBJECT-TYPE
Packit 022b05
    SYNTAX       Counter32
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The total number of packets received by the SNMP
Packit 022b05
                 engine which were dropped because they requested a
Packit 022b05
                 securityLevel that was unknown to the SNMP engine
Packit 022b05
                 or otherwise unavailable.
Packit 022b05
                "
Packit 022b05
    ::= { usmStats 1 }
Packit 022b05
Packit 022b05
usmStatsNotInTimeWindows OBJECT-TYPE
Packit 022b05
    SYNTAX       Counter32
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The total number of packets received by the SNMP
Packit 022b05
                 engine which were dropped because they appeared
Packit 022b05
                 outside of the authoritative SNMP engine's window.
Packit 022b05
                "
Packit 022b05
    ::= { usmStats 2 }
Packit 022b05
Packit 022b05
usmStatsUnknownUserNames OBJECT-TYPE
Packit 022b05
    SYNTAX       Counter32
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The total number of packets received by the SNMP
Packit 022b05
                 engine which were dropped because they referenced a
Packit 022b05
                 user that was not known to the SNMP engine.
Packit 022b05
                "
Packit 022b05
    ::= { usmStats 3 }
Packit 022b05
Packit 022b05
usmStatsUnknownEngineIDs OBJECT-TYPE
Packit 022b05
    SYNTAX       Counter32
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The total number of packets received by the SNMP
Packit 022b05
                 engine which were dropped because they referenced an
Packit 022b05
                 snmpEngineID that was not known to the SNMP engine.
Packit 022b05
                "
Packit 022b05
    ::= { usmStats 4 }
Packit 022b05
Packit 022b05
usmStatsWrongDigests OBJECT-TYPE
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
    SYNTAX       Counter32
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The total number of packets received by the SNMP
Packit 022b05
                 engine which were dropped because they didn't
Packit 022b05
                 contain the expected digest value.
Packit 022b05
                "
Packit 022b05
    ::= { usmStats 5 }
Packit 022b05
Packit 022b05
usmStatsDecryptionErrors OBJECT-TYPE
Packit 022b05
    SYNTAX       Counter32
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The total number of packets received by the SNMP
Packit 022b05
                 engine which were dropped because they could not be
Packit 022b05
                 decrypted.
Packit 022b05
                "
Packit 022b05
    ::= { usmStats 6 }
Packit 022b05
Packit 022b05
-- The usmUser Group ************************************************
Packit 022b05
Packit 022b05
usmUser          OBJECT IDENTIFIER ::= { usmMIBObjects 2 }
Packit 022b05
Packit 022b05
usmUserSpinLock  OBJECT-TYPE
Packit 022b05
    SYNTAX       TestAndIncr
Packit 022b05
    MAX-ACCESS   read-write
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An advisory lock used to allow several cooperating
Packit 022b05
                 Command Generator Applications to coordinate their
Packit 022b05
                 use of facilities to alter secrets in the
Packit 022b05
                 usmUserTable.
Packit 022b05
                "
Packit 022b05
    ::= { usmUser 1 }
Packit 022b05
Packit 022b05
-- The table of valid users for the User-based Security Model ********
Packit 022b05
Packit 022b05
usmUserTable     OBJECT-TYPE
Packit 022b05
    SYNTAX       SEQUENCE OF UsmUserEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The table of users configured in the SNMP engine's
Packit 022b05
                 Local Configuration Datastore (LCD).
Packit 022b05
Packit 022b05
                 To create a new user (i.e., to instantiate a new
Packit 022b05
                 conceptual row in this table), it is recommended to
Packit 022b05
                 follow this procedure:
Packit 022b05
Packit 022b05
                   1)  GET(usmUserSpinLock.0) and save in sValue.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                   2)  SET(usmUserSpinLock.0=sValue,
Packit 022b05
                           usmUserCloneFrom=templateUser,
Packit 022b05
                           usmUserStatus=createAndWait)
Packit 022b05
                       You should use a template user to clone from
Packit 022b05
                       which has the proper auth/priv protocol defined.
Packit 022b05
Packit 022b05
                 If the new user is to use privacy:
Packit 022b05
Packit 022b05
                   3)  generate the keyChange value based on the secret
Packit 022b05
                       privKey of the clone-from user and the secret key
Packit 022b05
                       to be used for the new user. Let us call this
Packit 022b05
                       pkcValue.
Packit 022b05
                   4)  GET(usmUserSpinLock.0) and save in sValue.
Packit 022b05
                   5)  SET(usmUserSpinLock.0=sValue,
Packit 022b05
                           usmUserPrivKeyChange=pkcValue
Packit 022b05
                           usmUserPublic=randomValue1)
Packit 022b05
                   6)  GET(usmUserPulic) and check it has randomValue1.
Packit 022b05
                       If not, repeat steps 4-6.
Packit 022b05
Packit 022b05
                 If the new user will never use privacy:
Packit 022b05
Packit 022b05
                   7)  SET(usmUserPrivProtocol=usmNoPrivProtocol)
Packit 022b05
Packit 022b05
                 If the new user is to use authentication:
Packit 022b05
Packit 022b05
                   8)  generate the keyChange value based on the secret
Packit 022b05
                       authKey of the clone-from user and the secret key
Packit 022b05
                       to be used for the new user. Let us call this
Packit 022b05
                       akcValue.
Packit 022b05
                   9)  GET(usmUserSpinLock.0) and save in sValue.
Packit 022b05
                   10) SET(usmUserSpinLock.0=sValue,
Packit 022b05
                           usmUserAuthKeyChange=akcValue
Packit 022b05
                           usmUserPublic=randomValue2)
Packit 022b05
                   11) GET(usmUserPulic) and check it has randomValue2.
Packit 022b05
                       If not, repeat steps 9-11.
Packit 022b05
Packit 022b05
                 If the new user will never use authentication:
Packit 022b05
Packit 022b05
                   12) SET(usmUserAuthProtocol=usmNoAuthProtocol)
Packit 022b05
Packit 022b05
                 Finally, activate the new user:
Packit 022b05
Packit 022b05
                   13) SET(usmUserStatus=active)
Packit 022b05
Packit 022b05
                 The new user should now be available and ready to be
Packit 022b05
                 used for SNMPv3 communication. Note however that access
Packit 022b05
                 to MIB data must be provided via configuration of the
Packit 022b05
                 SNMP-VIEW-BASED-ACM-MIB.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 The use of usmUserSpinlock is to avoid conflicts with
Packit 022b05
                 another SNMP command generator application which may
Packit 022b05
                 also be acting on the usmUserTable.
Packit 022b05
                "
Packit 022b05
    ::= { usmUser 2 }
Packit 022b05
Packit 022b05
usmUserEntry     OBJECT-TYPE
Packit 022b05
    SYNTAX       UsmUserEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "A user configured in the SNMP engine's Local
Packit 022b05
                 Configuration Datastore (LCD) for the User-based
Packit 022b05
                 Security Model.
Packit 022b05
                "
Packit 022b05
    INDEX       { usmUserEngineID,
Packit 022b05
                  usmUserName
Packit 022b05
                }
Packit 022b05
    ::= { usmUserTable 1 }
Packit 022b05
Packit 022b05
UsmUserEntry ::= SEQUENCE
Packit 022b05
    {
Packit 022b05
        usmUserEngineID         SnmpEngineID,
Packit 022b05
        usmUserName             SnmpAdminString,
Packit 022b05
        usmUserSecurityName     SnmpAdminString,
Packit 022b05
        usmUserCloneFrom        RowPointer,
Packit 022b05
        usmUserAuthProtocol     AutonomousType,
Packit 022b05
        usmUserAuthKeyChange    KeyChange,
Packit 022b05
        usmUserOwnAuthKeyChange KeyChange,
Packit 022b05
        usmUserPrivProtocol     AutonomousType,
Packit 022b05
        usmUserPrivKeyChange    KeyChange,
Packit 022b05
        usmUserOwnPrivKeyChange KeyChange,
Packit 022b05
        usmUserPublic           OCTET STRING,
Packit 022b05
        usmUserStorageType      StorageType,
Packit 022b05
        usmUserStatus           RowStatus
Packit 022b05
    }
Packit 022b05
Packit 022b05
usmUserEngineID  OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpEngineID
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An SNMP engine's administratively-unique identifier.
Packit 022b05
Packit 022b05
                 In a simple agent, this value is always that agent's
Packit 022b05
                 own snmpEngineID value.
Packit 022b05
Packit 022b05
                 The value can also take the value of the snmpEngineID
Packit 022b05
                 of a remote SNMP engine with which this user can
Packit 022b05
                 communicate.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                "
Packit 022b05
    ::= { usmUserEntry 1 }
Packit 022b05
Packit 022b05
usmUserName      OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(1..32))
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "A human readable string representing the name of
Packit 022b05
                 the user.
Packit 022b05
Packit 022b05
                 This is the (User-based Security) Model dependent
Packit 022b05
                 security ID.
Packit 022b05
                "
Packit 022b05
    ::= { usmUserEntry 2 }
Packit 022b05
Packit 022b05
usmUserSecurityName OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "A human readable string representing the user in
Packit 022b05
                 Security Model independent format.
Packit 022b05
Packit 022b05
                 The default transformation of the User-based Security
Packit 022b05
                 Model dependent security ID to the securityName and
Packit 022b05
                 vice versa is the identity function so that the
Packit 022b05
                 securityName is the same as the userName.
Packit 022b05
                "
Packit 022b05
    ::= { usmUserEntry 3 }
Packit 022b05
Packit 022b05
usmUserCloneFrom OBJECT-TYPE
Packit 022b05
    SYNTAX       RowPointer
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "A pointer to another conceptual row in this
Packit 022b05
                 usmUserTable.  The user in this other conceptual
Packit 022b05
                 row is called the clone-from user.
Packit 022b05
Packit 022b05
                 When a new user is created (i.e., a new conceptual
Packit 022b05
                 row is instantiated in this table), the privacy and
Packit 022b05
                 authentication parameters of the new user must be
Packit 022b05
                 cloned from its clone-from user. These parameters are:
Packit 022b05
                   - authentication protocol (usmUserAuthProtocol)
Packit 022b05
                   - privacy protocol (usmUserPrivProtocol)
Packit 022b05
                 They will be copied regardless of what the current
Packit 022b05
                 value is.
Packit 022b05
Packit 022b05
                 Cloning also causes the initial values of the secret
Packit 022b05
                 authentication key (authKey) and the secret encryption
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 key (privKey) of the new user to be set to the same
Packit 022b05
                 values as the corresponding secrets of the clone-from
Packit 022b05
                 user to allow the KeyChange process to occur as
Packit 022b05
                 required during user creation.
Packit 022b05
Packit 022b05
                 The first time an instance of this object is set by
Packit 022b05
                 a management operation (either at or after its
Packit 022b05
                 instantiation), the cloning process is invoked.
Packit 022b05
                 Subsequent writes are successful but invoke no
Packit 022b05
                 action to be taken by the receiver.
Packit 022b05
                 The cloning process fails with an 'inconsistentName'
Packit 022b05
                 error if the conceptual row representing the
Packit 022b05
                 clone-from user does not exist or is not in an active
Packit 022b05
                 state when the cloning process is invoked.
Packit 022b05
Packit 022b05
                 When this object is read, the ZeroDotZero OID
Packit 022b05
                 is returned.
Packit 022b05
                "
Packit 022b05
    ::= { usmUserEntry 4 }
Packit 022b05
Packit 022b05
usmUserAuthProtocol OBJECT-TYPE
Packit 022b05
    SYNTAX       AutonomousType
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An indication of whether messages sent on behalf of
Packit 022b05
                 this user to/from the SNMP engine identified by
Packit 022b05
                 usmUserEngineID, can be authenticated, and if so,
Packit 022b05
                 the type of authentication protocol which is used.
Packit 022b05
Packit 022b05
                 An instance of this object is created concurrently
Packit 022b05
                 with the creation of any other object instance for
Packit 022b05
                 the same user (i.e., as part of the processing of
Packit 022b05
                 the set operation which creates the first object
Packit 022b05
                 instance in the same conceptual row).
Packit 022b05
Packit 022b05
                 If an initial set operation (i.e. at row creation time)
Packit 022b05
                 tries to set a value for an unknown or unsupported
Packit 022b05
                 protocol, then a 'wrongValue' error must be returned.
Packit 022b05
Packit 022b05
                 The value will be overwritten/set when a set operation
Packit 022b05
                 is performed on the corresponding instance of
Packit 022b05
                 usmUserCloneFrom.
Packit 022b05
Packit 022b05
                 Once instantiated, the value of such an instance of
Packit 022b05
                 this object can only be changed via a set operation to
Packit 022b05
                 the value of the usmNoAuthProtocol.
Packit 022b05
Packit 022b05
                 If a set operation tries to change the value of an
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 existing instance of this object to any value other
Packit 022b05
                 than usmNoAuthProtocol, then an 'inconsistentValue'
Packit 022b05
                 error must be returned.
Packit 022b05
Packit 022b05
                 If a set operation tries to set the value to the
Packit 022b05
                 usmNoAuthProtocol while the usmUserPrivProtocol value
Packit 022b05
                 in the same row is not equal to usmNoPrivProtocol,
Packit 022b05
                 then an 'inconsistentValue' error must be returned.
Packit 022b05
                 That means that an SNMP command generator application
Packit 022b05
                 must first ensure that the usmUserPrivProtocol is set
Packit 022b05
                 to the usmNoPrivProtocol value before it can set
Packit 022b05
                 the usmUserAuthProtocol value to usmNoAuthProtocol.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { usmNoAuthProtocol }
Packit 022b05
    ::= { usmUserEntry 5 }
Packit 022b05
Packit 022b05
usmUserAuthKeyChange OBJECT-TYPE
Packit 022b05
    SYNTAX       KeyChange   -- typically (SIZE (0 | 32)) for HMACMD5
Packit 022b05
                             -- typically (SIZE (0 | 40)) for HMACSHA
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An object, which when modified, causes the secret
Packit 022b05
                 authentication key used for messages sent on behalf
Packit 022b05
                 of this user to/from the SNMP engine identified by
Packit 022b05
                 usmUserEngineID, to be modified via a one-way
Packit 022b05
                 function.
Packit 022b05
Packit 022b05
                 The associated protocol is the usmUserAuthProtocol.
Packit 022b05
                 The associated secret key is the user's secret
Packit 022b05
                 authentication key (authKey). The associated hash
Packit 022b05
                 algorithm is the algorithm used by the user's
Packit 022b05
                 usmUserAuthProtocol.
Packit 022b05
Packit 022b05
                 When creating a new user, it is an 'inconsistentName'
Packit 022b05
                 error for a set operation to refer to this object
Packit 022b05
                 unless it is previously or concurrently initialized
Packit 022b05
                 through a set operation on the corresponding instance
Packit 022b05
                 of usmUserCloneFrom.
Packit 022b05
Packit 022b05
                 When the value of the corresponding usmUserAuthProtocol
Packit 022b05
                 is usmNoAuthProtocol, then a set is successful, but
Packit 022b05
                 effectively is a no-op.
Packit 022b05
Packit 022b05
                 When this object is read, the zero-length (empty)
Packit 022b05
                 string is returned.
Packit 022b05
Packit 022b05
                 The recommended way to do a key change is as follows:
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                   1) GET(usmUserSpinLock.0) and save in sValue.
Packit 022b05
                   2) generate the keyChange value based on the old
Packit 022b05
                      (existing) secret key and the new secret key,
Packit 022b05
                      let us call this kcValue.
Packit 022b05
Packit 022b05
                 If you do the key change on behalf of another user:
Packit 022b05
Packit 022b05
                   3) SET(usmUserSpinLock.0=sValue,
Packit 022b05
                          usmUserAuthKeyChange=kcValue
Packit 022b05
                          usmUserPublic=randomValue)
Packit 022b05
Packit 022b05
                 If you do the key change for yourself:
Packit 022b05
Packit 022b05
                   4) SET(usmUserSpinLock.0=sValue,
Packit 022b05
                          usmUserOwnAuthKeyChange=kcValue
Packit 022b05
                          usmUserPublic=randomValue)
Packit 022b05
Packit 022b05
                 If you get a response with error-status of noError,
Packit 022b05
                 then the SET succeeded and the new key is active.
Packit 022b05
                 If you do not get a response, then you can issue a
Packit 022b05
                 GET(usmUserPublic) and check if the value is equal
Packit 022b05
                 to the randomValue you did send in the SET. If so, then
Packit 022b05
                 the key change succeeded and the new key is active
Packit 022b05
                 (probably the response got lost). If not, then the SET
Packit 022b05
                 request probably never reached the target and so you
Packit 022b05
                 can start over with the procedure above.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }    -- the empty string
Packit 022b05
    ::= { usmUserEntry 6 }
Packit 022b05
Packit 022b05
usmUserOwnAuthKeyChange OBJECT-TYPE
Packit 022b05
    SYNTAX       KeyChange   -- typically (SIZE (0 | 32)) for HMACMD5
Packit 022b05
                             -- typically (SIZE (0 | 40)) for HMACSHA
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "Behaves exactly as usmUserAuthKeyChange, with one
Packit 022b05
                 notable difference: in order for the set operation
Packit 022b05
                 to succeed, the usmUserName of the operation
Packit 022b05
                 requester must match the usmUserName that
Packit 022b05
                 indexes the row which is targeted by this
Packit 022b05
                 operation.
Packit 022b05
                 In addition, the USM security model must be
Packit 022b05
                 used for this operation.
Packit 022b05
Packit 022b05
                 The idea here is that access to this column can be
Packit 022b05
                 public, since it will only allow a user to change
Packit 022b05
                 his own secret authentication key (authKey).
Packit 022b05
                 Note that this can only be done once the row is active.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 When a set is received and the usmUserName of the
Packit 022b05
                 requester is not the same as the umsUserName that
Packit 022b05
                 indexes the row which is targeted by this operation,
Packit 022b05
                 then a 'noAccess' error must be returned.
Packit 022b05
Packit 022b05
                 When a set is received and the security model in use
Packit 022b05
                 is not USM, then a 'noAccess' error must be returned.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }    -- the empty string
Packit 022b05
    ::= { usmUserEntry 7 }
Packit 022b05
Packit 022b05
usmUserPrivProtocol OBJECT-TYPE
Packit 022b05
    SYNTAX       AutonomousType
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An indication of whether messages sent on behalf of
Packit 022b05
                 this user to/from the SNMP engine identified by
Packit 022b05
                 usmUserEngineID, can be protected from disclosure,
Packit 022b05
                 and if so, the type of privacy protocol which is used.
Packit 022b05
Packit 022b05
                 An instance of this object is created concurrently
Packit 022b05
                 with the creation of any other object instance for
Packit 022b05
                 the same user (i.e., as part of the processing of
Packit 022b05
                 the set operation which creates the first object
Packit 022b05
                 instance in the same conceptual row).
Packit 022b05
Packit 022b05
                 If an initial set operation (i.e. at row creation time)
Packit 022b05
                 tries to set a value for an unknown or unsupported
Packit 022b05
                 protocol, then a 'wrongValue' error must be returned.
Packit 022b05
Packit 022b05
                 The value will be overwritten/set when a set operation
Packit 022b05
                 is performed on the corresponding instance of
Packit 022b05
                 usmUserCloneFrom.
Packit 022b05
Packit 022b05
                 Once instantiated, the value of such an instance of
Packit 022b05
                 this object can only be changed via a set operation to
Packit 022b05
                 the value of the usmNoPrivProtocol.
Packit 022b05
Packit 022b05
                 If a set operation tries to change the value of an
Packit 022b05
                 existing instance of this object to any value other
Packit 022b05
                 than usmNoPrivProtocol, then an 'inconsistentValue'
Packit 022b05
                 error must be returned.
Packit 022b05
Packit 022b05
                 Note that if any privacy protocol is used, then you
Packit 022b05
                 must also use an authentication protocol. In other
Packit 022b05
                 words, if usmUserPrivProtocol is set to anything else
Packit 022b05
                 than usmNoPrivProtocol, then the corresponding instance
Packit 022b05
                 of usmUserAuthProtocol cannot have a value of
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 usmNoAuthProtocol. If it does, then an
Packit 022b05
                 'inconsistentValue' error must be returned.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { usmNoPrivProtocol }
Packit 022b05
    ::= { usmUserEntry 8 }
Packit 022b05
Packit 022b05
usmUserPrivKeyChange OBJECT-TYPE
Packit 022b05
    SYNTAX       KeyChange  -- typically (SIZE (0 | 32)) for DES
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An object, which when modified, causes the secret
Packit 022b05
                 encryption key used for messages sent on behalf
Packit 022b05
                 of this user to/from the SNMP engine identified by
Packit 022b05
                 usmUserEngineID, to be modified via a one-way
Packit 022b05
                 function.
Packit 022b05
Packit 022b05
                 The associated protocol is the usmUserPrivProtocol.
Packit 022b05
                 The associated secret key is the user's secret
Packit 022b05
                 privacy key (privKey). The associated hash
Packit 022b05
                 algorithm is the algorithm used by the user's
Packit 022b05
                 usmUserAuthProtocol.
Packit 022b05
Packit 022b05
                 When creating a new user, it is an 'inconsistentName'
Packit 022b05
                 error for a set operation to refer to this object
Packit 022b05
                 unless it is previously or concurrently initialized
Packit 022b05
                 through a set operation on the corresponding instance
Packit 022b05
                 of usmUserCloneFrom.
Packit 022b05
Packit 022b05
                 When the value of the corresponding usmUserPrivProtocol
Packit 022b05
                 is usmNoPrivProtocol, then a set is successful, but
Packit 022b05
                 effectively is a no-op.
Packit 022b05
Packit 022b05
                 When this object is read, the zero-length (empty)
Packit 022b05
                 string is returned.
Packit 022b05
                 See the description clause of usmUserAuthKeyChange for
Packit 022b05
                 a recommended procedure to do a key change.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }    -- the empty string
Packit 022b05
    ::= { usmUserEntry 9 }
Packit 022b05
Packit 022b05
usmUserOwnPrivKeyChange OBJECT-TYPE
Packit 022b05
    SYNTAX       KeyChange  -- typically (SIZE (0 | 32)) for DES
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "Behaves exactly as usmUserPrivKeyChange, with one
Packit 022b05
                 notable difference: in order for the Set operation
Packit 022b05
                 to succeed, the usmUserName of the operation
Packit 022b05
                 requester must match the usmUserName that indexes
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 the row which is targeted by this operation.
Packit 022b05
                 In addition, the USM security model must be
Packit 022b05
                 used for this operation.
Packit 022b05
Packit 022b05
                 The idea here is that access to this column can be
Packit 022b05
                 public, since it will only allow a user to change
Packit 022b05
                 his own secret privacy key (privKey).
Packit 022b05
                 Note that this can only be done once the row is active.
Packit 022b05
Packit 022b05
                 When a set is received and the usmUserName of the
Packit 022b05
                 requester is not the same as the umsUserName that
Packit 022b05
                 indexes the row which is targeted by this operation,
Packit 022b05
                 then a 'noAccess' error must be returned.
Packit 022b05
Packit 022b05
                 When a set is received and the security model in use
Packit 022b05
                 is not USM, then a 'noAccess' error must be returned.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }    -- the empty string
Packit 022b05
    ::= { usmUserEntry 10 }
Packit 022b05
Packit 022b05
usmUserPublic    OBJECT-TYPE
Packit 022b05
    SYNTAX       OCTET STRING (SIZE(0..32))
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "A publicly-readable value which can be written as part
Packit 022b05
                 of the procedure for changing a user's secret
Packit 022b05
                 authentication and/or privacy key, and later read to
Packit 022b05
                 determine whether the change of the secret was
Packit 022b05
                 effected.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }  -- the empty string
Packit 022b05
    ::= { usmUserEntry 11 }
Packit 022b05
Packit 022b05
usmUserStorageType OBJECT-TYPE
Packit 022b05
    SYNTAX       StorageType
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The storage type for this conceptual row.
Packit 022b05
Packit 022b05
                 Conceptual rows having the value 'permanent' must
Packit 022b05
                 allow write-access at a minimum to:
Packit 022b05
Packit 022b05
                 - usmUserAuthKeyChange, usmUserOwnAuthKeyChange
Packit 022b05
                   and usmUserPublic for a user who employs
Packit 022b05
                   authentication, and
Packit 022b05
                 - usmUserPrivKeyChange, usmUserOwnPrivKeyChange
Packit 022b05
                   and usmUserPublic for a user who employs
Packit 022b05
                   privacy.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 Note that any user who employs authentication or
Packit 022b05
                 privacy must allow its secret(s) to be updated and
Packit 022b05
                 thus cannot be 'readOnly'.
Packit 022b05
Packit 022b05
                 If an initial set operation tries to set the value to
Packit 022b05
                 'readOnly' for a user who employs authentication or
Packit 022b05
                 privacy, then an 'inconsistentValue' error must be
Packit 022b05
                 returned.  Note that if the value has been previously
Packit 022b05
                 set (implicit or explicit) to any value, then the rules
Packit 022b05
                 as defined in the StorageType Textual Convention apply.
Packit 022b05
Packit 022b05
                 It is an implementation issue to decide if a SET for
Packit 022b05
                 a readOnly or permanent row is accepted at all. In some
Packit 022b05
                 contexts this may make sense, in others it may not. If
Packit 022b05
                 a SET for a readOnly or permanent row is not accepted
Packit 022b05
                 at all, then a 'wrongValue' error must be returned.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { nonVolatile }
Packit 022b05
    ::= { usmUserEntry 12 }
Packit 022b05
Packit 022b05
usmUserStatus    OBJECT-TYPE
Packit 022b05
    SYNTAX       RowStatus
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The status of this conceptual row.
Packit 022b05
Packit 022b05
                 Until instances of all corresponding columns are
Packit 022b05
                 appropriately configured, the value of the
Packit 022b05
                 corresponding instance of the usmUserStatus column
Packit 022b05
                 is 'notReady'.
Packit 022b05
Packit 022b05
                 In particular, a newly created row for a user who
Packit 022b05
                 employs authentication, cannot be made active until the
Packit 022b05
                 corresponding usmUserCloneFrom and usmUserAuthKeyChange
Packit 022b05
                 have been set.
Packit 022b05
Packit 022b05
                 Further, a newly created row for a user who also
Packit 022b05
                 employs privacy, cannot be made active until the
Packit 022b05
                 usmUserPrivKeyChange has been set.
Packit 022b05
Packit 022b05
                 The RowStatus TC [RFC2579] requires that this
Packit 022b05
                 DESCRIPTION clause states under which circumstances
Packit 022b05
                 other objects in this row can be modified:
Packit 022b05
Packit 022b05
                 The value of this object has no effect on whether
Packit 022b05
                 other objects in this conceptual row can be modified,
Packit 022b05
                 except for usmUserOwnAuthKeyChange and
Packit 022b05
                 usmUserOwnPrivKeyChange. For these 2 objects, the
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 value of usmUserStatus MUST be active.
Packit 022b05
                "
Packit 022b05
    ::= { usmUserEntry 13 }
Packit 022b05
Packit 022b05
-- Conformance Information *******************************************
Packit 022b05
Packit 022b05
usmMIBCompliances OBJECT IDENTIFIER ::= { usmMIBConformance 1 }
Packit 022b05
usmMIBGroups      OBJECT IDENTIFIER ::= { usmMIBConformance 2 }
Packit 022b05
Packit 022b05
-- Compliance statements
Packit 022b05
Packit 022b05
usmMIBCompliance MODULE-COMPLIANCE
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The compliance statement for SNMP engines which
Packit 022b05
                 implement the SNMP-USER-BASED-SM-MIB.
Packit 022b05
                "
Packit 022b05
Packit 022b05
    MODULE       -- this module
Packit 022b05
        MANDATORY-GROUPS { usmMIBBasicGroup }
Packit 022b05
Packit 022b05
        OBJECT           usmUserAuthProtocol
Packit 022b05
        MIN-ACCESS       read-only
Packit 022b05
        DESCRIPTION     "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT           usmUserPrivProtocol
Packit 022b05
        MIN-ACCESS       read-only
Packit 022b05
        DESCRIPTION     "Write access is not required."
Packit 022b05
Packit 022b05
    ::= { usmMIBCompliances 1 }
Packit 022b05
Packit 022b05
-- Units of compliance
Packit 022b05
usmMIBBasicGroup OBJECT-GROUP
Packit 022b05
    OBJECTS     {
Packit 022b05
                  usmStatsUnsupportedSecLevels,
Packit 022b05
                  usmStatsNotInTimeWindows,
Packit 022b05
                  usmStatsUnknownUserNames,
Packit 022b05
                  usmStatsUnknownEngineIDs,
Packit 022b05
                  usmStatsWrongDigests,
Packit 022b05
                  usmStatsDecryptionErrors,
Packit 022b05
                  usmUserSpinLock,
Packit 022b05
                  usmUserSecurityName,
Packit 022b05
                  usmUserCloneFrom,
Packit 022b05
                  usmUserAuthProtocol,
Packit 022b05
                  usmUserAuthKeyChange,
Packit 022b05
                  usmUserOwnAuthKeyChange,
Packit 022b05
                  usmUserPrivProtocol,
Packit 022b05
                  usmUserPrivKeyChange,
Packit 022b05
                  usmUserOwnPrivKeyChange,
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                  usmUserPublic,
Packit 022b05
                  usmUserStorageType,
Packit 022b05
                  usmUserStatus
Packit 022b05
                }
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "A collection of objects providing for configuration
Packit 022b05
                 of an SNMP engine which implements the SNMP
Packit 022b05
                 User-based Security Model.
Packit 022b05
                "
Packit 022b05
    ::= { usmMIBGroups 1 }
Packit 022b05
Packit 022b05
END