IPS-AUTH-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32,
mib-2
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, RowStatus, AutonomousType, StorageType
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- RFC 3411
AddressFamilyNumbers
FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB
;
ipsAuthMibModule MODULE-IDENTITY
LAST-UPDATED "200605220000Z" -- May 22, 2006
ORGANIZATION "IETF IPS Working Group"
CONTACT-INFO
"
Mark Bakke
Postal: Cisco Systems, Inc
7900 International Drive, Suite 400
Bloomington, MN
USA 55425
E-mail: mbakke@cisco.com
James Muchow
Postal: Qlogic Corp.
6321 Bury Dr.
Eden Prairie, MN
USA 55346
E-Mail: james.muchow@qlogic.com"
DESCRIPTION
"The IP Storage Authorization MIB module.
Copyright (C) The Internet Society (2006). This version of
this MIB module is part of RFC 4545; see the RFC itself for
full legal notices."
REVISION "200605220000Z" -- May 22, 2006
DESCRIPTION
"Initial version of the IP Storage Authentication MIB module,
published as RFC 4545"
::= { mib-2 141 }
ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthMibModule 0 }
ipsAuthObjects OBJECT IDENTIFIER ::= { ipsAuthMibModule 1 }
ipsAuthConformance OBJECT IDENTIFIER ::= { ipsAuthMibModule 2 }
-- Textual Conventions
IpsAuthAddress ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"IP Storage requires the use of address information
that uses not only the InetAddress type defined in the
INET-ADDRESS-MIB, but also Fibre Channel type defined
in the Fibre Channel Management MIB. Although these
address types are recognized in the IANA Address Family
Numbers MIB, the addressing mechanisms have not been
merged into a well-known, common type. This data type,
the IpsAuthAddress, performs the merging for this MIB
module.
The formats of objects of this type are determined by
a corresponding object with syntax AddressFamilyNumbers,
and thus every object defined using this TC must
identify the object with syntax AddressFamilyNumbers
that specifies its type.
The syntax and semantics of this object depend on the
identified AddressFamilyNumbers object as follows:
AddressFamilyNumbers this object
==================== ===========
ipV4(1) restricted to the same syntax and
semantics as the InetAddressIPv4 TC.
ipV6(2) restricted to the same syntax and
semantics as the InetAddressIPv6 TC.
fibreChannelWWPN (22)
& fibreChannelWWNN(23) restricted to the same syntax and
semantics as the FcNameIdOrZero TC.
Types other than the above should not be used unless
the corresponding format of the IpsAuthAddress object is
further specified (e.g., in a future revision of this TC)."
REFERENCE
"IANA-ADDRESS-FAMILY-NUMBERS-MIB;
INET-ADDRESS-MIB (RFC 4001);
FC-MGMT-MIB (RFC 4044)."
SYNTAX OCTET STRING (SIZE(0..255))
--******************************************************************
ipsAuthDescriptors OBJECT IDENTIFIER ::= { ipsAuthObjects 1 }
ipsAuthMethodTypes OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Registration point for Authentication Method Types."
REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthDescriptors 1 }
ipsAuthMethodNone OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The authoritative identifier when no authentication
method is used."
REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 1 }
ipsAuthMethodSrp OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The authoritative identifier when the authentication
method is SRP."
REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 2 }
ipsAuthMethodChap OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The authoritative identifier when the authentication
method is CHAP."
REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 3 }
ipsAuthMethodKerberos OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The authoritative identifier when the authentication
method is Kerberos."
REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 4 }
--******************************************************************
ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 }
-- Instance Attributes Table
ipsAuthInstanceAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthInstanceAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of Authorization instances present on the system."
::= { ipsAuthInstance 2 }
ipsAuthInstanceAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthInstanceAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to a particular Authorization instance."
INDEX { ipsAuthInstIndex }
::= { ipsAuthInstanceAttributesTable 1 }
IpsAuthInstanceAttributesEntry ::= SEQUENCE {
ipsAuthInstIndex Unsigned32,
ipsAuthInstDescr SnmpAdminString,
ipsAuthInstStorageType StorageType
}
ipsAuthInstIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary integer used to uniquely identify a
particular authorization instance. This index value
must not be modified or reused by an agent unless
a reboot has occurred. An agent should attempt to
keep this value persistent across reboots."
::= { ipsAuthInstanceAttributesEntry 1 }
ipsAuthInstDescr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A character string, determined by the implementation to
describe the authorization instance. When only a single
instance is present, this object may be set to the
zero-length string; with multiple authorization
instances, it must be set to a unique value in an
implementation-dependent manner to describe the purpose
of the respective instance. If this is deployed in a
master agent with more than one subagent implementing
this MIB module, the master agent is responsible for
ensuring that this object is unique across all
subagents."
::= { ipsAuthInstanceAttributesEntry 2 }
ipsAuthInstStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The storage type for all read-write objects within this
row. Rows in this table are always created via an
external process, and may have a storage type of readOnly
or permanent. Conceptual rows having the value 'permanent'
need not allow write access to any columnar objects in
the row.
If this object has the value 'volatile', modifications
to read-write objects in this row are not persistent
across reboots. If this object has the value
'nonVolatile', modifications to objects in this row
are persistent.
An implementation may choose to allow this object
to be set to either 'nonVolatile' or 'volatile',
allowing the management application to choose this
behavior."
DEFVAL { volatile }
::= { ipsAuthInstanceAttributesEntry 3 }
ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 3 }
-- User Identity Attributes Table
ipsAuthIdentAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthIdentAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of user identities, each belonging to a
particular ipsAuthInstance."
::= { ipsAuthIdentity 1 }
ipsAuthIdentAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthIdentAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
describing a user identity within an authorization
instance on this node."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex }
::= { ipsAuthIdentAttributesTable 1 }
IpsAuthIdentAttributesEntry ::= SEQUENCE {
ipsAuthIdentIndex Unsigned32,
ipsAuthIdentDescription SnmpAdminString,
ipsAuthIdentRowStatus RowStatus,
ipsAuthIdentStorageType StorageType
}
ipsAuthIdentIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary integer used to uniquely identify a
particular identity instance within an authorization
instance present on the node. This index value
must not be modified or reused by an agent unless
a reboot has occurred. An agent should attempt to
keep this value persistent across reboots."
::= { ipsAuthIdentAttributesEntry 1 }
ipsAuthIdentDescription OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A character string describing this particular identity."
::= { ipsAuthIdentAttributesEntry 2 }
ipsAuthIdentRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP. When adding a row to
this table, all non-Index/RowStatus objects must be set.
Rows may be discarded using RowStatus. The value of
ipsAuthIdentDescription may be set while
ipsAuthIdentRowStatus is 'active'."
::= { ipsAuthIdentAttributesEntry 3 }
ipsAuthIdentStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for all read-create objects in this row.
Rows in this table that were created through an external
process may have a storage type of readOnly or permanent.
Conceptual rows having the value 'permanent' need not
allow write access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { ipsAuthIdentAttributesEntry 4 }
ipsAuthIdentityName OBJECT IDENTIFIER ::= { ipsAuthObjects 4 }
-- User Initiator Name Attributes Table
ipsAuthIdentNameAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthIdentNameAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of unique names that can be used to positively
identify a particular user identity."
::= { ipsAuthIdentityName 1 }
ipsAuthIdentNameAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthIdentNameAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to a unique identity name, which can be used
to identify a user identity within a particular
authorization instance."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
ipsAuthIdentNameIndex }
::= { ipsAuthIdentNameAttributesTable 1 }
IpsAuthIdentNameAttributesEntry ::= SEQUENCE {
ipsAuthIdentNameIndex Unsigned32,
ipsAuthIdentName SnmpAdminString,
ipsAuthIdentNameRowStatus RowStatus,
ipsAuthIdentNameStorageType StorageType
}
ipsAuthIdentNameIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary integer used to uniquely identify a
particular identity name instance within an
ipsAuthIdentity within an authorization instance.
This index value must not be modified or reused by
an agent unless a reboot has occurred. An agent
should attempt to keep this value persistent across
reboots."
::= { ipsAuthIdentNameAttributesEntry 1 }
ipsAuthIdentName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A character string that is the unique name of an
identity that may be used to identify this ipsAuthIdent
entry."
::= { ipsAuthIdentNameAttributesEntry 2 }
ipsAuthIdentNameRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP. When adding a row to
this table, all non-Index/RowStatus objects must be set.
Rows may be discarded using RowStatus. The value of
ipsAuthIdentName may be set when this value is 'active'."
::= { ipsAuthIdentNameAttributesEntry 3 }
ipsAuthIdentNameStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for all read-create objects in this row.
Rows in this table that were created through an external
process may have a storage type of readOnly or permanent.
Conceptual rows having the value 'permanent' need not
allow write access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { ipsAuthIdentNameAttributesEntry 4 }
ipsAuthIdentityAddress OBJECT IDENTIFIER ::= { ipsAuthObjects 5 }
-- User Initiator Address Attributes Table
ipsAuthIdentAddrAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthIdentAddrAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of address ranges that are allowed to serve
as the endpoint addresses of a particular identity.
An address range includes a starting and ending address
and an optional netmask, and an address type indicator,
which can specify whether the address is IPv4, IPv6,
FC-WWPN, or FC-WWNN."
::= { ipsAuthIdentityAddress 1 }
ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthIdentAddrAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to an address range that is used as part
of the authorization of an identity
within an authorization instance on this node."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
ipsAuthIdentAddrIndex }
::= { ipsAuthIdentAddrAttributesTable 1 }
IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {
ipsAuthIdentAddrIndex Unsigned32,
ipsAuthIdentAddrType AddressFamilyNumbers,
ipsAuthIdentAddrStart IpsAuthAddress,
ipsAuthIdentAddrEnd IpsAuthAddress,
ipsAuthIdentAddrRowStatus RowStatus,
ipsAuthIdentAddrStorageType StorageType
}
ipsAuthIdentAddrIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary integer used to uniquely identify a
particular ipsAuthIdentAddress instance within an
ipsAuthIdentity within an authorization instance
present on the node.
This index value must not be modified or reused by
an agent unless a reboot has occurred. An agent
should attempt to keep this value persistent across
reboots."
::= { ipsAuthIdentAddrAttributesEntry 1 }
ipsAuthIdentAddrType OBJECT-TYPE
SYNTAX AddressFamilyNumbers
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The address types used in the ipsAuthIdentAddrStart
and ipsAuthAddrEnd objects. This type is taken
from the IANA address family types."
::= { ipsAuthIdentAddrAttributesEntry 2 }
ipsAuthIdentAddrStart OBJECT-TYPE
SYNTAX IpsAuthAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The starting address of the allowed address range.
The format of this object is determined by
ipsAuthIdentAddrType."
::= { ipsAuthIdentAddrAttributesEntry 3 }
ipsAuthIdentAddrEnd OBJECT-TYPE
SYNTAX IpsAuthAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ending address of the allowed address range.
If the ipsAuthIdentAddrEntry specifies a single
address, this shall match the ipsAuthIdentAddrStart.
The format of this object is determined by
ipsAuthIdentAddrType."
::= { ipsAuthIdentAddrAttributesEntry 4 }
ipsAuthIdentAddrRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP. When adding a row to
this table, all non-Index/RowStatus objects must be set.
Rows may be discarded using RowStatus. The values of
ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd may be set
when this value is 'active'. The value of
ipsAuthIdentAddrType may not be set when this value is
'active'."
::= { ipsAuthIdentAddrAttributesEntry 5 }
ipsAuthIdentAddrStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for all read-create objects in this row.
Rows in this table that were created through an external
process may have a storage type of readOnly or permanent.
Conceptual rows having the value 'permanent' need not
allow write access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { ipsAuthIdentAddrAttributesEntry 6 }
ipsAuthCredential OBJECT IDENTIFIER ::= { ipsAuthObjects 6 }
-- Credential Attributes Table
ipsAuthCredentialAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthCredentialAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of credentials related to user identities
that are allowed as valid authenticators of the
particular identity."
::= { ipsAuthCredential 1 }
ipsAuthCredentialAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthCredentialAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to a credential that verifies a user
identity within an authorization instance.
To provide complete information in this MIB for a credential,
the management station must not only create the row in this
table but must also create a row in another table, where the
other table is determined by the value of
ipsAuthCredAuthMethod, e.g., if ipsAuthCredAuthMethod has the
value ipsAuthMethodChap, a row must be created in the
ipsAuthCredChapAttributesTable."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredentialAttributesTable 1 }
IpsAuthCredentialAttributesEntry ::= SEQUENCE {
ipsAuthCredIndex Unsigned32,
ipsAuthCredAuthMethod AutonomousType,
ipsAuthCredRowStatus RowStatus,
ipsAuthCredStorageType StorageType
}
ipsAuthCredIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary integer used to uniquely identify a
particular Credential instance within an instance
present on the node.
This index value must not be modified or reused by
an agent unless a reboot has occurred. An agent
should attempt to keep this value persistent across
reboots."
::= { ipsAuthCredentialAttributesEntry 1 }
ipsAuthCredAuthMethod OBJECT-TYPE
SYNTAX AutonomousType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object contains an OBJECT IDENTIFIER
that identifies the authentication method
used with this credential.
When a row is created in this table, a corresponding
row must be created by the management station
in a corresponding table specified by this value.
When a row is deleted from this table, the corresponding
row must be automatically deleted by the agent in
the corresponding table specified by this value.
If the value of this object is ipsAuthMethodNone, no
corresponding rows are created or deleted from other
tables.
Some standardized values for this object are defined
within the ipsAuthMethodTypes subtree."
::= { ipsAuthCredentialAttributesEntry 2 }
ipsAuthCredRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP. When adding a row to
this table, all non-Index/RowStatus objects must be set.
Rows may be discarded using RowStatus. The value of
ipsAuthCredAuthMethod must not be changed while this row
is 'active'."
::= { ipsAuthCredentialAttributesEntry 3 }
ipsAuthCredStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for all read-create objects in this row.
Rows in this table that were created through an external
process may have a storage type of readOnly or permanent.
Conceptual rows having the value 'permanent' need not
allow write access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { ipsAuthCredentialAttributesEntry 4 }
ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 7 }
-- Credential Chap-Specific Attributes Table
ipsAuthCredChapAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthCredChapAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of CHAP attributes for credentials that
use ipsAuthMethodChap as their ipsAuthCredAuthMethod.
A row in this table can only exist when an instance of
the ipsAuthCredAuthMethod object exists (or is created
simultaneously) having the same instance identifiers
and a value of 'ipsAuthMethodChap'."
::= { ipsAuthCredChap 1 }
ipsAuthCredChapAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthCredChapAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to a credential that uses
ipsAuthMethodChap as their ipsAuthCredAuthMethod.
When a row is created in ipsAuthCredentialAttributesTable
with ipsAuthCredAuthMethod = ipsAuthCredChap, the
management station must create a corresponding row
in this table.
When a row is deleted from ipsAuthCredentialAttributesTable
with ipsAuthCredAuthMethod = ipsAuthCredChap, the
agent must delete the corresponding row (if any) in
this table."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredChapAttributesTable 1 }
IpsAuthCredChapAttributesEntry ::= SEQUENCE {
ipsAuthCredChapUserName SnmpAdminString,
ipsAuthCredChapRowStatus RowStatus,
ipsAuthCredChapStorageType StorageType
}
ipsAuthCredChapUserName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A character string containing the CHAP user name for this
credential."
REFERENCE
"W. Simpson, RFC 1994: PPP Challenge Handshake
Authentication Protocol (CHAP), August 1996"
::= { ipsAuthCredChapAttributesEntry 1 }
ipsAuthCredChapRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP. When adding a row to
this table, all non-Index/RowStatus objects must be set.
Rows may be discarded using RowStatus. The value of
ipsAuthCredChapUserName may be changed while this row
is 'active'."
::= { ipsAuthCredChapAttributesEntry 2 }
ipsAuthCredChapStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for all read-create objects in this row.
Rows in this table that were created through an external
process may have a storage type of readOnly or permanent.
Conceptual rows having the value 'permanent' need not
allow write access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { ipsAuthCredChapAttributesEntry 3 }
ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 8 }
-- Credential Srp-Specific Attributes Table
ipsAuthCredSrpAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthCredSrpAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of SRP attributes for credentials that
use ipsAuthMethodSrp as its ipsAuthCredAuthMethod.
A row in this table can only exist when an instance of
the ipsAuthCredAuthMethod object exists (or is created
simultaneously) having the same instance identifiers
and a value of 'ipsAuthMethodSrp'."
::= { ipsAuthCredSrp 1 }
ipsAuthCredSrpAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthCredSrpAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to a credential that uses
ipsAuthMethodSrp as their ipsAuthCredAuthMethod.
When a row is created in ipsAuthCredentialAttributesTable
with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
management station must create a corresponding row
in this table.
When a row is deleted from ipsAuthCredentialAttributesTable
with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
agent must delete the corresponding row (if any) in
this table."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredSrpAttributesTable 1 }
IpsAuthCredSrpAttributesEntry ::= SEQUENCE {
ipsAuthCredSrpUserName SnmpAdminString,
ipsAuthCredSrpRowStatus RowStatus,
ipsAuthCredSrpStorageType StorageType
}
ipsAuthCredSrpUserName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A character string containing the SRP user name for this
credential."
REFERENCE
"T. Wu, RFC 2945: The SRP Authentication and Key
Exchange System, September 2000"
::= { ipsAuthCredSrpAttributesEntry 1 }
ipsAuthCredSrpRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP. When adding a row to
this table, all non-Index/RowStatus objects must be set.
Rows may be discarded using RowStatus. The value of
ipsAuthCredSrpUserName may be changed while the status
of this row is 'active'."
::= { ipsAuthCredSrpAttributesEntry 2 }
ipsAuthCredSrpStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for all read-create objects in this row.
Rows in this table that were created through an external
process may have a storage type of readOnly or permanent.
Conceptual rows having the value 'permanent' need not
allow write access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { ipsAuthCredSrpAttributesEntry 3 }
ipsAuthCredKerberos OBJECT IDENTIFIER ::= { ipsAuthObjects 9 }
-- Credential Kerberos-Specific Attributes Table
ipsAuthCredKerbAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthCredKerbAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of Kerberos attributes for credentials that
use ipsAuthMethodKerberos as their ipsAuthCredAuthMethod.
A row in this table can only exist when an instance of
the ipsAuthCredAuthMethod object exists (or is created
simultaneously) having the same instance identifiers
and a value of 'ipsAuthMethodKerb'."
::= { ipsAuthCredKerberos 1 }
ipsAuthCredKerbAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthCredKerbAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to a credential that uses
ipsAuthMethodKerberos as its ipsAuthCredAuthMethod.
When a row is created in ipsAuthCredentialAttributesTable
with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
management station must create a corresponding row
in this table.
When a row is deleted from ipsAuthCredentialAttributesTable
with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
agent must delete the corresponding row (if any) in
this table."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredKerbAttributesTable 1 }
IpsAuthCredKerbAttributesEntry ::= SEQUENCE {
ipsAuthCredKerbPrincipal SnmpAdminString,
ipsAuthCredKerbRowStatus RowStatus,
ipsAuthCredKerbStorageType StorageType
}
ipsAuthCredKerbPrincipal OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A character string containing a Kerberos principal
for this credential."
REFERENCE
"C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
The Kerberos Network Authentication Service (V5),
July 2005"
::= { ipsAuthCredKerbAttributesEntry 1 }
ipsAuthCredKerbRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP. When adding a row to
this table, all non-Index/RowStatus objects must be set.
Rows may be discarded using RowStatus. The value of
ipsAuthCredKerbPrincipal may be changed while this row
is 'active'."
::= { ipsAuthCredKerbAttributesEntry 2 }
ipsAuthCredKerbStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for all read-create objects in this row.
Rows in this table that were created through an external
process may have a storage type of readOnly or permanent.
Conceptual rows having the value 'permanent' need not
allow write access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { ipsAuthCredKerbAttributesEntry 3 }
--******************************************************************
-- Notifications
-- There are no notifications necessary in this MIB module.
--******************************************************************
-- Conformance Statements
ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 1 }
ipsAuthGroups OBJECT IDENTIFIER ::= { ipsAuthConformance 2 }
ipsAuthInstanceAttributesGroup OBJECT-GROUP
OBJECTS {
ipsAuthInstDescr,
ipsAuthInstStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
authorization instances."
::= { ipsAuthGroups 1 }
ipsAuthIdentAttributesGroup OBJECT-GROUP
OBJECTS {
ipsAuthIdentDescription,
ipsAuthIdentRowStatus,
ipsAuthIdentStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
user identities within an authorization instance."
::= { ipsAuthGroups 2 }
ipsAuthIdentNameAttributesGroup OBJECT-GROUP
OBJECTS {
ipsAuthIdentName,
ipsAuthIdentNameRowStatus,
ipsAuthIdentNameStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
user names within user identities within an authorization
instance."
::= { ipsAuthGroups 3 }
ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
OBJECTS {
ipsAuthIdentAddrType,
ipsAuthIdentAddrStart,
ipsAuthIdentAddrEnd,
ipsAuthIdentAddrRowStatus,
ipsAuthIdentAddrStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
address ranges within user identities within an
authorization instance."
::= { ipsAuthGroups 4 }
ipsAuthIdentCredAttributesGroup OBJECT-GROUP
OBJECTS {
ipsAuthCredAuthMethod,
ipsAuthCredRowStatus,
ipsAuthCredStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
credentials within user identities within an authorization
instance."
::= { ipsAuthGroups 5 }
ipsAuthIdentChapAttrGroup OBJECT-GROUP
OBJECTS {
ipsAuthCredChapUserName,
ipsAuthCredChapRowStatus,
ipsAuthCredChapStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
CHAP credentials within user identities within an
authorization instance."
::= { ipsAuthGroups 6 }
ipsAuthIdentSrpAttrGroup OBJECT-GROUP
OBJECTS {
ipsAuthCredSrpUserName,
ipsAuthCredSrpRowStatus,
ipsAuthCredSrpStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
SRP credentials within user identities within an
authorization instance."
::= { ipsAuthGroups 7 }
ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
OBJECTS {
ipsAuthCredKerbPrincipal,
ipsAuthCredKerbRowStatus,
ipsAuthCredKerbStorageType
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
Kerberos credentials within user identities within an
authorization instance."
::= { ipsAuthGroups 8 }
--******************************************************************
ipsAuthComplianceV1 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Initial version of compliance statement based on
initial version of this MIB module.
The Instance and Identity groups are mandatory;
at least one of the other groups (Name, Address,
Credential, Certificate) is also mandatory for
any given implementation."
MODULE -- this module
MANDATORY-GROUPS {
ipsAuthInstanceAttributesGroup,
ipsAuthIdentAttributesGroup
}
-- Conditionally mandatory groups to be included with
-- the mandatory groups when necessary.
GROUP ipsAuthIdentNameAttributesGroup
DESCRIPTION
"This group is mandatory for all implementations
that make use of unique identity names."
GROUP ipsAuthIdentAddrAttributesGroup
DESCRIPTION
"This group is mandatory for all implementations
that use addresses to help verify identities."
GROUP ipsAuthIdentCredAttributesGroup
DESCRIPTION
"This group is mandatory for all implementations
that use credentials to help verify identities."
GROUP ipsAuthIdentChapAttrGroup
DESCRIPTION
"This group is mandatory for all implementations
that use CHAP to help verify identities.
The ipsAuthIdentCredAttributesGroup must be
implemented if this group is implemented."
GROUP ipsAuthIdentSrpAttrGroup
DESCRIPTION
"This group is mandatory for all implementations
that use SRP to help verify identities.
The ipsAuthIdentCredAttributesGroup must be
implemented if this group is implemented."
GROUP ipsAuthIdentKerberosAttrGroup
DESCRIPTION
"This group is mandatory for all implementations
that use Kerberos to help verify identities.
The ipsAuthIdentCredAttributesGroup must be
implemented if this group is implemented."
OBJECT ipsAuthInstDescr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthInstStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthIdentDescription
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthIdentRowStatus
SYNTAX INTEGER { active(1) } -- subset of RowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and only one of the
six enumerated values for the RowStatus textual
convention need be supported, specifically:
active(1)."
OBJECT ipsAuthIdentName
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthIdentNameRowStatus
SYNTAX INTEGER { active(1) } -- subset of RowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and only one of the
six enumerated values for the RowStatus textual
convention need be supported, specifically:
active(1)."
OBJECT ipsAuthIdentAddrType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthIdentAddrStart
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthIdentAddrEnd
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthIdentAddrRowStatus
SYNTAX INTEGER { active(1) } -- subset of RowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and only one of the
six enumerated values for the RowStatus textual
convention need be supported, specifically:
active(1)."
OBJECT ipsAuthCredAuthMethod
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthCredRowStatus
SYNTAX INTEGER { active(1) } -- subset of RowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and only one of the
six enumerated values for the RowStatus textual
convention need be supported, specifically:
active(1)."
OBJECT ipsAuthCredChapUserName
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthCredChapRowStatus
SYNTAX INTEGER { active(1) } -- subset of RowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and only one of the
six enumerated values for the RowStatus textual
convention need be supported, specifically:
active(1)."
OBJECT ipsAuthCredSrpUserName
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthCredSrpRowStatus
SYNTAX INTEGER { active(1) } -- subset of RowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and only one of the
six enumerated values for the RowStatus textual
convention need be supported, specifically:
active(1)."
OBJECT ipsAuthCredKerbPrincipal
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT ipsAuthCredKerbRowStatus
SYNTAX INTEGER { active(1) } -- subset of RowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and only one of the six
enumerated values for the RowStatus textual convention need
be supported, specifically: active(1)."
::= { ipsAuthCompliances 1 }
END