IPS-AUTH-MIB DEFINITIONS  ::= BEGIN

    IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32,
    mib-2
    FROM SNMPv2-SMI

    TEXTUAL-CONVENTION, RowStatus, AutonomousType, StorageType
    FROM SNMPv2-TC

    MODULE-COMPLIANCE, OBJECT-GROUP
    FROM SNMPv2-CONF

    SnmpAdminString
    FROM SNMP-FRAMEWORK-MIB -- RFC 3411

    AddressFamilyNumbers
    FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB
    ;

ipsAuthMibModule MODULE-IDENTITY
    LAST-UPDATED  "200605220000Z" -- May 22, 2006
    ORGANIZATION  "IETF IPS Working Group"
    CONTACT-INFO
    "
    Mark Bakke
    Postal: Cisco Systems, Inc
    7900 International Drive, Suite 400
    Bloomington, MN
    USA 55425

    E-mail: mbakke@cisco.com

    James Muchow
    Postal: Qlogic Corp.
    6321 Bury Dr.
    Eden Prairie, MN
    USA 55346

    E-Mail: james.muchow@qlogic.com"

    DESCRIPTION
        "The IP Storage Authorization MIB module.
         Copyright (C) The Internet Society (2006).  This version of
         this MIB module is part of RFC 4545;  see the RFC itself for
         full legal notices."



    REVISION "200605220000Z" -- May 22, 2006
    DESCRIPTION
        "Initial version of the IP Storage Authorization MIB module,
        published as RFC 4545"

::= { mib-2 141 }

ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthMibModule 0 }
ipsAuthObjects       OBJECT IDENTIFIER ::= { ipsAuthMibModule 1 }
ipsAuthConformance   OBJECT IDENTIFIER ::= { ipsAuthMibModule 2 }

-- Textual Conventions

IpsAuthAddress ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
        "IP Storage requires the use of address information
        that uses not only the InetAddress type defined in the
        INET-ADDRESS-MIB, but also Fibre Channel type defined
        in the Fibre Channel Management MIB.  Although these
        address types are recognized in the IANA Address Family
        Numbers MIB, the addressing mechanisms have not been
        merged into a well-known, common type.  This data type,
        the IpsAuthAddress, performs the merging for this MIB
        module.

        The formats of objects of this type are determined by
        a corresponding object with syntax AddressFamilyNumbers,
        and thus every object defined using this TC must
        identify the object with syntax AddressFamilyNumbers
        that specifies its type.

        The syntax and semantics of this object depend on the
        identified AddressFamilyNumbers object as follows:

        AddressFamilyNumbers   this object
        ====================   ===========
        ipV4(1)                restricted to the same syntax and
                               semantics as the InetAddressIPv4 TC.

        ipV6(2)                restricted to the same syntax and
                               semantics as the InetAddressIPv6 TC.

        fibreChannelWWPN (22)
        & fibreChannelWWNN(23) restricted to the same syntax and
                               semantics as the FcNameIdOrZero TC.

        Types other than the above should not be used unless
        the corresponding format of the IpsAuthAddress object is
        further specified (e.g., in a future revision of this TC)."
    REFERENCE
        "IANA-ADDRESS-FAMILY-NUMBERS-MIB;
         INET-ADDRESS-MIB (RFC 4001);
         FC-MGMT-MIB (RFC 4044)."
    SYNTAX        OCTET STRING (SIZE(0..255))

--******************************************************************

ipsAuthDescriptors OBJECT IDENTIFIER ::= { ipsAuthObjects 1 }

ipsAuthMethodTypes OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "Registration point for Authentication Method Types."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthDescriptors 1 }

ipsAuthMethodNone OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when no authentication
        method is used."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 1 }

ipsAuthMethodSrp OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is SRP."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 2 }

ipsAuthMethodChap OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is CHAP."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 3 }

ipsAuthMethodKerberos OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is Kerberos."



    REFERENCE "RFC 3720, iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 4 }

--******************************************************************

ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 }

-- Instance Attributes Table

ipsAuthInstanceAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of Authorization instances present on the system."
::= { ipsAuthInstance 2 }

ipsAuthInstanceAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a particular Authorization instance."
    INDEX { ipsAuthInstIndex }
::= { ipsAuthInstanceAttributesTable 1 }

IpsAuthInstanceAttributesEntry ::= SEQUENCE {
    ipsAuthInstIndex               Unsigned32,
    ipsAuthInstDescr               SnmpAdminString,
    ipsAuthInstStorageType         StorageType
}

ipsAuthInstIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular authorization instance.  This index value
        must not be modified or reused by an agent unless
        a reboot has occurred.  An agent should attempt to
        keep this value persistent across reboots."
::= { ipsAuthInstanceAttributesEntry 1 }

ipsAuthInstDescr OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-write



    STATUS        current
    DESCRIPTION
        "A character string, determined by the implementation to
        describe the authorization instance.  When only a single
        instance is present, this object may be set to the
        zero-length string; with multiple authorization
        instances, it must be set to a unique value in an
        implementation-dependent manner to describe the purpose
        of the respective instance.  If this is deployed in a
        master agent with more than one subagent implementing
        this MIB module, the master agent is responsible for
        ensuring that this object is unique across all
        subagents."
::= { ipsAuthInstanceAttributesEntry 2 }

ipsAuthInstStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The storage type for all read-write objects within this
         row.  Rows in this table are always created via an
         external process, and may have a storage type of readOnly
         or permanent.  Conceptual rows having the value 'permanent'
         need not allow write access to any columnar objects in
         the row.

         If this object has the value 'volatile', modifications
         to read-write objects in this row are not persistent
         across reboots.  If this object has the value
         'nonVolatile', modifications to objects in this row
         are persistent.

         An implementation may choose to allow this object
         to be set to either 'nonVolatile' or 'volatile',
         allowing the management application to choose this
         behavior."
    DEFVAL        { volatile }
::= { ipsAuthInstanceAttributesEntry 3 }

ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 3 }

-- User Identity Attributes Table

ipsAuthIdentAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current



    DESCRIPTION
        "A list of user identities, each belonging to a
        particular ipsAuthInstance."
::= { ipsAuthIdentity 1 }

ipsAuthIdentAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        describing a user identity within an authorization
        instance on this node."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex }
::= { ipsAuthIdentAttributesTable  1 }

IpsAuthIdentAttributesEntry ::= SEQUENCE {
    ipsAuthIdentIndex              Unsigned32,
    ipsAuthIdentDescription        SnmpAdminString,
    ipsAuthIdentRowStatus          RowStatus,
    ipsAuthIdentStorageType        StorageType
}

ipsAuthIdentIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular identity instance within an authorization
        instance present on the node.  This index value
        must not be modified or reused by an agent unless
        a reboot has occurred.  An agent should attempt to
        keep this value persistent across reboots."
::= { ipsAuthIdentAttributesEntry 1 }

ipsAuthIdentDescription OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string describing this particular identity."
::= { ipsAuthIdentAttributesEntry 2 }

ipsAuthIdentRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current



    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthIdentDescription may be set while
        ipsAuthIdentRowStatus is 'active'."
::= { ipsAuthIdentAttributesEntry 3 }

ipsAuthIdentStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
         Rows in this table that were created through an external
         process may have a storage type of readOnly or permanent.
         Conceptual rows having the value 'permanent' need not
         allow write access to any columnar objects in the row."
    DEFVAL        { nonVolatile }
::= { ipsAuthIdentAttributesEntry 4 }

ipsAuthIdentityName OBJECT IDENTIFIER ::= { ipsAuthObjects 4 }

-- User Initiator Name Attributes Table

ipsAuthIdentNameAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentNameAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of unique names that can be used to positively
        identify a particular user identity."
::= { ipsAuthIdentityName 1 }

ipsAuthIdentNameAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentNameAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a unique identity name, which can be used
        to identify a user identity within a particular
        authorization instance."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
            ipsAuthIdentNameIndex }
::= { ipsAuthIdentNameAttributesTable  1 }




IpsAuthIdentNameAttributesEntry ::= SEQUENCE {
    ipsAuthIdentNameIndex          Unsigned32,
    ipsAuthIdentName               SnmpAdminString,
    ipsAuthIdentNameRowStatus      RowStatus,
    ipsAuthIdentNameStorageType    StorageType
}

ipsAuthIdentNameIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular identity name instance within an
        ipsAuthIdentity within an authorization instance.
        This index value must not be modified or reused by
        an agent unless a reboot has occurred.  An agent
        should attempt to keep this value persistent across
        reboots."
::= { ipsAuthIdentNameAttributesEntry 1 }

ipsAuthIdentName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string that is the unique name of an
        identity that may be used to identify this ipsAuthIdent
        entry."
::= { ipsAuthIdentNameAttributesEntry 2 }

ipsAuthIdentNameRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthIdentName may be set when this value is 'active'."
::= { ipsAuthIdentNameAttributesEntry 3 }

ipsAuthIdentNameStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION



        "The storage type for all read-create objects in this row.
         Rows in this table that were created through an external
         process may have a storage type of readOnly or permanent.
         Conceptual rows having the value 'permanent' need not
         allow write access to any columnar objects in the row."
    DEFVAL        { nonVolatile }
::= { ipsAuthIdentNameAttributesEntry 4 }

ipsAuthIdentityAddress OBJECT IDENTIFIER ::= { ipsAuthObjects 5 }

-- User Initiator Address Attributes Table

-- Review note: the start/end columns of this table are read-create, so an
-- SNMP SET changes which endpoint addresses an identity is allowed to use.
-- Limit write access to this subtree (for example SNMPv3 with authentication
-- and privacy, plus a restrictive VACM view).
-- NOTE(review): the description mentions an optional netmask, but the
-- IpsAuthIdentAddrAttributesEntry SEQUENCE defines only type, start and end
-- address columns; confirm how an agent is expected to represent a netmask.
ipsAuthIdentAddrAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentAddrAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of address ranges that are allowed to serve
        as the endpoint addresses of a particular identity.
        An address range includes a starting and ending address
        and an optional netmask, and an address type indicator,
        which can specify whether the address is IPv4, IPv6,
        FC-WWPN, or FC-WWNN."
::= { ipsAuthIdentityAddress 1 }

ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentAddrAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to an address range that is used as part
        of the authorization of an identity
        within an authorization instance on this node."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
            ipsAuthIdentAddrIndex }
::= { ipsAuthIdentAddrAttributesTable  1 }

IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {
    ipsAuthIdentAddrIndex          Unsigned32,
    ipsAuthIdentAddrType           AddressFamilyNumbers,
    ipsAuthIdentAddrStart          IpsAuthAddress,
    ipsAuthIdentAddrEnd            IpsAuthAddress,
    ipsAuthIdentAddrRowStatus      RowStatus,
    ipsAuthIdentAddrStorageType    StorageType
}

ipsAuthIdentAddrIndex OBJECT-TYPE



    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular ipsAuthIdentAddress instance within an
        ipsAuthIdentity within an authorization instance
        present on the node.
        This index value must not be modified or reused by
        an agent unless a reboot has occurred.  An agent
        should attempt to keep this value persistent across
        reboots."
::= { ipsAuthIdentAddrAttributesEntry 1 }

ipsAuthIdentAddrType OBJECT-TYPE
    SYNTAX        AddressFamilyNumbers
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The address types used in the ipsAuthIdentAddrStart
        and ipsAuthIdentAddrEnd objects.  This type is taken
        from the IANA address family types."
::= { ipsAuthIdentAddrAttributesEntry 2 }

ipsAuthIdentAddrStart OBJECT-TYPE
    SYNTAX        IpsAuthAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The starting address of the allowed address range.
        The format of this object is determined by
        ipsAuthIdentAddrType."
::= { ipsAuthIdentAddrAttributesEntry 3 }

ipsAuthIdentAddrEnd OBJECT-TYPE
    SYNTAX        IpsAuthAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The ending address of the allowed address range.
        If the ipsAuthIdentAddrAttributesEntry specifies a single
        address, this shall match the ipsAuthIdentAddrStart.
        The format of this object is determined by
        ipsAuthIdentAddrType."
::= { ipsAuthIdentAddrAttributesEntry 4 }

ipsAuthIdentAddrRowStatus OBJECT-TYPE
    SYNTAX        RowStatus



    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The values of
        ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd may be set
        when this value is 'active'.  The value of
        ipsAuthIdentAddrType may not be set when this value is
        'active'."
::= { ipsAuthIdentAddrAttributesEntry 5 }

ipsAuthIdentAddrStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
         Rows in this table that were created through an external
         process may have a storage type of readOnly or permanent.
         Conceptual rows having the value 'permanent' need not
         allow write access to any columnar objects in the row."
    DEFVAL        { nonVolatile }
::= { ipsAuthIdentAddrAttributesEntry 6 }

ipsAuthCredential OBJECT IDENTIFIER ::= { ipsAuthObjects 6 }

-- Credential Attributes Table

ipsAuthCredentialAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredentialAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of credentials related to user identities
        that are allowed as valid authenticators of the
        particular identity."
::= { ipsAuthCredential 1 }

ipsAuthCredentialAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredentialAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that verifies a user
        identity within an authorization instance.



        To provide complete information in this MIB for a credential,
        the management station must not only create the row in this
        table but must also create a row in another table, where the
        other table is determined by the value of
        ipsAuthCredAuthMethod, e.g., if ipsAuthCredAuthMethod has the
        value ipsAuthMethodChap, a row must be created in the
        ipsAuthCredChapAttributesTable."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredentialAttributesTable  1 }

IpsAuthCredentialAttributesEntry ::= SEQUENCE {
    ipsAuthCredIndex               Unsigned32,
    ipsAuthCredAuthMethod          AutonomousType,
    ipsAuthCredRowStatus           RowStatus,
    ipsAuthCredStorageType         StorageType
}

ipsAuthCredIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular Credential instance within an instance
        present on the node.
        This index value must not be modified or reused by
        an agent unless a reboot has occurred.  An agent
        should attempt to keep this value persistent across
        reboots."
::= { ipsAuthCredentialAttributesEntry 1 }

-- Selects the authentication method for a credential row by OID.  The
-- standard values defined in this module are ipsAuthMethodNone,
-- ipsAuthMethodSrp, ipsAuthMethodChap and ipsAuthMethodKerberos.
-- Review note: this column is read-create and ipsAuthMethodNone is a legal
-- value, so rows carrying ipsAuthMethodNone are worth auditing; presumably
-- such a row means the identity is accepted without authentication (confirm
-- against the agent implementation).
ipsAuthCredAuthMethod OBJECT-TYPE
    SYNTAX        AutonomousType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object contains an OBJECT IDENTIFIER
        that identifies the authentication method
        used with this credential.

        When a row is created in this table, a corresponding
        row must be created by the management station
        in a corresponding table specified by this value.

        When a row is deleted from this table, the corresponding
        row must be automatically deleted by the agent in
        the corresponding table specified by this value.




        If the value of this object is ipsAuthMethodNone, no
        corresponding rows are created or deleted from other
        tables.

        Some standardized values for this object are defined
        within the ipsAuthMethodTypes subtree."
::= { ipsAuthCredentialAttributesEntry 2 }

ipsAuthCredRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredAuthMethod must not be changed while this row
        is 'active'."
::= { ipsAuthCredentialAttributesEntry 3 }

ipsAuthCredStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
         Rows in this table that were created through an external
         process may have a storage type of readOnly or permanent.
         Conceptual rows having the value 'permanent' need not
         allow write access to any columnar objects in the row."
    DEFVAL        { nonVolatile }
::= { ipsAuthCredentialAttributesEntry 4 }

ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 7 }

-- Credential Chap-Specific Attributes Table

ipsAuthCredChapAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredChapAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of CHAP attributes for credentials that
        use ipsAuthMethodChap as their ipsAuthCredAuthMethod.

        A row in this table can only exist when an instance of
        the ipsAuthCredAuthMethod object exists (or is created
        simultaneously) having the same instance identifiers
        and a value of 'ipsAuthMethodChap'."
::= { ipsAuthCredChap 1 }

ipsAuthCredChapAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredChapAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that uses
        ipsAuthMethodChap as its ipsAuthCredAuthMethod.

        When a row is created in ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthMethodChap, the
        management station must create a corresponding row
        in this table.

        When a row is deleted from ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthMethodChap, the
        agent must delete the corresponding row (if any) in
        this table."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredChapAttributesTable  1 }

-- Columns of one CHAP credential row.  Only the CHAP user name is modelled
-- here; no CHAP secret column is defined, so secrets are not readable or
-- writable through this table.  The user name is still account information,
-- so read access is worth restricting as well.
IpsAuthCredChapAttributesEntry ::= SEQUENCE {
    ipsAuthCredChapUserName        SnmpAdminString,
    ipsAuthCredChapRowStatus       RowStatus,
    ipsAuthCredChapStorageType     StorageType
}

ipsAuthCredChapUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string containing the CHAP user name for this
        credential."
    REFERENCE
        "W. Simpson, RFC 1994: PPP Challenge Handshake
        Authentication Protocol (CHAP), August 1996"
::= { ipsAuthCredChapAttributesEntry 1 }

ipsAuthCredChapRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION



        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredChapUserName may be changed while this row
        is 'active'."
::= { ipsAuthCredChapAttributesEntry 2 }

ipsAuthCredChapStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
         Rows in this table that were created through an external
         process may have a storage type of readOnly or permanent.
         Conceptual rows having the value 'permanent' need not
         allow write access to any columnar objects in the row."
    DEFVAL        { nonVolatile }
::= { ipsAuthCredChapAttributesEntry 3 }

ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 8 }

-- Credential Srp-Specific Attributes Table

ipsAuthCredSrpAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredSrpAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of SRP attributes for credentials that
        use ipsAuthMethodSrp as their ipsAuthCredAuthMethod.

        A row in this table can only exist when an instance of
        the ipsAuthCredAuthMethod object exists (or is created
        simultaneously) having the same instance identifiers
        and a value of 'ipsAuthMethodSrp'."
::= { ipsAuthCredSrp 1 }

ipsAuthCredSrpAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredSrpAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that uses
        ipsAuthMethodSrp as its ipsAuthCredAuthMethod.

        When a row is created in ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthMethodSrp, the
        management station must create a corresponding row
        in this table.

        When a row is deleted from ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthMethodSrp, the
        agent must delete the corresponding row (if any) in
        this table."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredSrpAttributesTable  1 }

IpsAuthCredSrpAttributesEntry ::= SEQUENCE {
    ipsAuthCredSrpUserName         SnmpAdminString,
    ipsAuthCredSrpRowStatus        RowStatus,
    ipsAuthCredSrpStorageType      StorageType
}

ipsAuthCredSrpUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string containing the SRP user name for this
        credential."
    REFERENCE
       "T. Wu, RFC 2945: The SRP Authentication and Key
       Exchange System, September 2000"
::= { ipsAuthCredSrpAttributesEntry 1 }

ipsAuthCredSrpRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredSrpUserName may be changed while the status
        of this row is 'active'."
::= { ipsAuthCredSrpAttributesEntry 2 }

ipsAuthCredSrpStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION



        "The storage type for all read-create objects in this row.
         Rows in this table that were created through an external
         process may have a storage type of readOnly or permanent.
         Conceptual rows having the value 'permanent' need not
         allow write access to any columnar objects in the row."
    DEFVAL        { nonVolatile }
::= { ipsAuthCredSrpAttributesEntry 3 }

ipsAuthCredKerberos OBJECT IDENTIFIER ::= { ipsAuthObjects 9 }

-- Credential Kerberos-Specific Attributes Table

ipsAuthCredKerbAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredKerbAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of Kerberos attributes for credentials that
        use ipsAuthMethodKerberos as their ipsAuthCredAuthMethod.

        A row in this table can only exist when an instance of
        the ipsAuthCredAuthMethod object exists (or is created
        simultaneously) having the same instance identifiers
        and a value of 'ipsAuthMethodKerberos'."
::= { ipsAuthCredKerberos 1 }

ipsAuthCredKerbAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredKerbAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that uses
        ipsAuthMethodKerberos as its ipsAuthCredAuthMethod.

        When a row is created in ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthMethodKerberos, the
        management station must create a corresponding row
        in this table.

        When a row is deleted from ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthMethodKerberos, the
        agent must delete the corresponding row (if any) in
        this table."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredKerbAttributesTable  1 }

IpsAuthCredKerbAttributesEntry ::= SEQUENCE {



    ipsAuthCredKerbPrincipal       SnmpAdminString,
    ipsAuthCredKerbRowStatus       RowStatus,
    ipsAuthCredKerbStorageType     StorageType
}

ipsAuthCredKerbPrincipal OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string containing a Kerberos principal
        for this credential."
    REFERENCE
        "C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
        The Kerberos Network Authentication Service (V5),
        July 2005"
::= { ipsAuthCredKerbAttributesEntry 1 }

ipsAuthCredKerbRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredKerbPrincipal may be changed while this row
        is 'active'."
::= { ipsAuthCredKerbAttributesEntry 2 }

-- StorageType for the read-create columns of this row; DEFVAL is
-- nonVolatile. The DESCRIPTION allows rows created by an external
-- process to be readOnly or permanent, and 'permanent' rows need not
-- accept writes to any column.
-- NOTE(review): with the nonVolatile default, rows written over SNMP
-- are expected to persist across agent restarts (StorageType semantics
-- come from SNMPv2-TC; confirm against the agent in use).
ipsAuthCredKerbStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
         Rows in this table that were created through an external
         process may have a storage type of readOnly or permanent.
         Conceptual rows having the value 'permanent' need not
         allow write access to any columnar objects in the row."
    DEFVAL        { nonVolatile }
::= { ipsAuthCredKerbAttributesEntry 3 }

--******************************************************************
-- Notifications

-- There are no notifications necessary in this MIB module.



--******************************************************************

-- Conformance Statements

-- Sub-trees of ipsAuthConformance: compliance statements are
-- registered under 1, object groups under 2.
ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 1 }
ipsAuthGroups      OBJECT IDENTIFIER ::= { ipsAuthConformance 2 }

-- Group 1: the description and storage type of an authorization
-- instance. Listed under MANDATORY-GROUPS in ipsAuthComplianceV1.
ipsAuthInstanceAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthInstDescr,
        ipsAuthInstStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        authorization instances."
::= { ipsAuthGroups 1 }

-- Group 2: description, row status and storage type of a user
-- identity. Listed under MANDATORY-GROUPS in ipsAuthComplianceV1.
ipsAuthIdentAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentDescription,
        ipsAuthIdentRowStatus,
        ipsAuthIdentStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        user identities within an authorization instance."
::= { ipsAuthGroups 2 }

-- Group 3: user names attached to an identity. Conditionally
-- mandatory: ipsAuthComplianceV1 requires it for implementations
-- that make use of unique identity names.
ipsAuthIdentNameAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentName,
        ipsAuthIdentNameRowStatus,
        ipsAuthIdentNameStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        user names within user identities within an authorization
        instance."
::= { ipsAuthGroups 3 }

-- Group 4: address ranges (type, start, end) attached to an identity.
-- Conditionally mandatory: ipsAuthComplianceV1 requires it for
-- implementations that use addresses to help verify identities.
-- NOTE(review): a writable start/end pair widens or narrows who is
-- matched by address, so changes here deserve the same scrutiny as
-- credential changes.
ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentAddrType,
        ipsAuthIdentAddrStart,
        ipsAuthIdentAddrEnd,



        ipsAuthIdentAddrRowStatus,
        ipsAuthIdentAddrStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        address ranges within user identities within an
        authorization instance."
::= { ipsAuthGroups 4 }

-- Group 5: the authentication method, row status and storage type of
-- a credential. ipsAuthComplianceV1 states that this group must be
-- implemented whenever the CHAP, SRP or Kerberos group is implemented.
ipsAuthIdentCredAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredAuthMethod,
        ipsAuthCredRowStatus,
        ipsAuthCredStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        credentials within user identities within an authorization
        instance."
::= { ipsAuthGroups 5 }

-- Group 6: CHAP credential attributes. The only credential datum
-- listed is the CHAP user name; no secret or password object appears
-- in this group.
ipsAuthIdentChapAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredChapUserName,
        ipsAuthCredChapRowStatus,
        ipsAuthCredChapStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        CHAP credentials within user identities within an
        authorization instance."
::= { ipsAuthGroups 6 }

-- Group 7: SRP credential attributes. The only credential datum
-- listed is the SRP user name; no verifier or password object appears
-- in this group.
ipsAuthIdentSrpAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredSrpUserName,
        ipsAuthCredSrpRowStatus,
        ipsAuthCredSrpStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        SRP credentials within user identities within an
        authorization instance."
::= { ipsAuthGroups 7 }



-- Group 8: Kerberos credential attributes. The only credential datum
-- listed is the principal name; no key material object appears in
-- this group.
ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredKerbPrincipal,
        ipsAuthCredKerbRowStatus,
        ipsAuthCredKerbStorageType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        Kerberos credentials within user identities within an
        authorization instance."
::= { ipsAuthGroups 8 }

--******************************************************************

-- Compliance statement for this module, registered as
-- ipsAuthCompliances 1. The Instance and Identity groups are
-- mandatory; every other group is conditional on the feature it
-- describes.
-- NOTE(review): the DESCRIPTION below names a "Certificate" group, but
-- the groups defined in this conformance section are Name, Address,
-- Credential, CHAP, SRP and Kerberos; no certificate group is visible
-- here. Confirm against RFC 4545 before relying on that wording.
-- NOTE(review): every OBJECT clause below lowers MIN-ACCESS to
-- read-only, so an agent can comply while exposing this authorization
-- data as read-only over SNMP. Among the StorageType columns only
-- ipsAuthInstStorageType has such a clause; the other StorageType
-- objects named in the object groups have no MIN-ACCESS refinement in
-- this statement.
ipsAuthComplianceV1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Initial version of compliance statement based on
        initial version of this MIB module.

        The Instance and Identity groups are mandatory;
        at least one of the other groups (Name, Address,
        Credential, Certificate) is also mandatory for
        any given implementation."
    MODULE       -- this module
    MANDATORY-GROUPS {
        ipsAuthInstanceAttributesGroup,
        ipsAuthIdentAttributesGroup
    }

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when necessary.

    GROUP ipsAuthIdentNameAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that make use of unique identity names."

    GROUP ipsAuthIdentAddrAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use addresses to help verify identities."

    GROUP ipsAuthIdentCredAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use credentials to help verify identities."



    GROUP ipsAuthIdentChapAttrGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use CHAP to help verify identities.

        The ipsAuthIdentCredAttributesGroup must be
        implemented if this group is implemented."

    GROUP ipsAuthIdentSrpAttrGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use SRP to help verify identities.

        The ipsAuthIdentCredAttributesGroup must be
        implemented if this group is implemented."

    GROUP ipsAuthIdentKerberosAttrGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use Kerberos to help verify identities.

        The ipsAuthIdentCredAttributesGroup must be
        implemented if this group is implemented."

    -- Access refinements: read-only support is sufficient for each
    -- object below, and each RowStatus column may be limited to the
    -- single value active(1).

    OBJECT ipsAuthInstDescr
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthInstStorageType
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentDescription
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."




    OBJECT ipsAuthIdentName
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentNameRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthIdentAddrType
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentAddrStart
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentAddrEnd
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentAddrRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredAuthMethod
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the



        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredChapUserName
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredChapRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredSrpUserName
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredSrpRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredKerbPrincipal
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredKerbRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the six
        enumerated values for the RowStatus textual convention need
        be supported, specifically:  active(1)."

::= { ipsAuthCompliances 1 }

END