SNMP-USER-BASED-SM-MIB DEFINITIONS ::= BEGIN

IMPORTS

    MODULE-IDENTITY, OBJECT-TYPE,

    OBJECT-IDENTITY,

    snmpModules, Counter32                FROM SNMPv2-SMI

    TEXTUAL-CONVENTION, TestAndIncr,

    RowStatus, RowPointer,

    StorageType, AutonomousType           FROM SNMPv2-TC

    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF

    SnmpAdminString, SnmpEngineID,

    snmpAuthProtocols, snmpPrivProtocols  FROM SNMP-FRAMEWORK-MIB;

snmpUsmMIB MODULE-IDENTITY

    LAST-UPDATED "200210160000Z"            -- 16 Oct 2002, midnight

    ORGANIZATION "SNMPv3 Working Group"

    CONTACT-INFO "WG-email:   snmpv3@lists.tislabs.com

                  Subscribe:  majordomo@lists.tislabs.com

                              In msg body:  subscribe snmpv3

                  Chair:      Russ Mundy

                              Network Associates Laboratories

                  postal:     15204 Omega Drive, Suite 300

                              Rockville, MD 20850-4601

                              USA

                  email:      mundy@tislabs.com

                  phone:      +1 301-947-7107

                  Co-Chair:   David Harrington

                              Enterasys Networks

                  Postal:     35 Industrial Way

                              P. O. Box 5004

                              Rochester, New Hampshire 03866-5005

                              USA

                  EMail:      dbh@enterasys.com

                  Phone:      +1 603-337-2614

                  Co-editor   Uri Blumenthal

                              Lucent Technologies

                  postal:     67 Whippany Rd.

                              Whippany, NJ 07981

                              USA

                  email:      uri@lucent.com

                  phone:      +1-973-386-2163

                  Co-editor:  Bert Wijnen

                              Lucent Technologies

                  postal:     Schagen 33

                              3461 GL Linschoten

                              Netherlands

                  email:      bwijnen@lucent.com

                  phone:      +31-348-480-685

                 "

    DESCRIPTION  "The management information definitions for the

                  SNMP User-based Security Model.

                  Copyright (C) The Internet Society (2002). This

                  version of this MIB module is part of RFC 3414;

                  see the RFC itself for full legal notices.

                 "

--  Revision history

    REVISION     "200210160000Z"          -- 16 Oct 2002, midnight

    DESCRIPTION  "Changes in this revision:

                  - Updated references and contact info.

                  - Clarification to usmUserCloneFrom DESCRIPTION

                    clause

                  - Fixed 'command responder' into 'command generator'

                    in last para of DESCRIPTION clause of

                    usmUserTable.

                  This revision published as RFC3414.

                 "

    REVISION     "199901200000Z"          -- 20 Jan 1999, midnight

    DESCRIPTION  "Clarifications, published as RFC2574"

    REVISION     "199711200000Z"          -- 20 Nov 1997, midnight

    DESCRIPTION  "Initial version, published as RFC2274"

    ::= { snmpModules 15 }

-- Administrative assignments ****************************************

usmMIBObjects     OBJECT IDENTIFIER ::= { snmpUsmMIB 1 }

usmMIBConformance OBJECT IDENTIFIER ::= { snmpUsmMIB 2 }

-- Identification of Authentication and Privacy Protocols ************

usmNoAuthProtocol OBJECT-IDENTITY

    STATUS        current

    DESCRIPTION  "No Authentication Protocol."

    ::= { snmpAuthProtocols 1 }

usmHMACMD5AuthProtocol OBJECT-IDENTITY

    STATUS        current

    DESCRIPTION  "The HMAC-MD5-96 Digest Authentication Protocol."

    REFERENCE    "- H. Krawczyk, M. Bellare, R. Canetti HMAC:

                    Keyed-Hashing for Message Authentication,

                    RFC2104, Feb 1997.

                  - Rivest, R., Message Digest Algorithm MD5, RFC1321.

                 "

    ::= { snmpAuthProtocols 2 }

usmHMACSHAAuthProtocol OBJECT-IDENTITY

    STATUS        current

    DESCRIPTION  "The HMAC-SHA-96 Digest Authentication Protocol."

    REFERENCE    "- H. Krawczyk, M. Bellare, R. Canetti, HMAC:

                    Keyed-Hashing for Message Authentication,

                    RFC2104, Feb 1997.

                  - Secure Hash Algorithm. NIST FIPS 180-1.

                 "

    ::= { snmpAuthProtocols 3 }

usmNoPrivProtocol OBJECT-IDENTITY

    STATUS        current

    DESCRIPTION  "No Privacy Protocol."

    ::= { snmpPrivProtocols 1 }

usmDESPrivProtocol OBJECT-IDENTITY

    STATUS        current

    DESCRIPTION  "The CBC-DES Symmetric Encryption Protocol."

    REFERENCE    "- Data Encryption Standard, National Institute of

                    Standards and Technology.  Federal Information

                    Processing Standard (FIPS) Publication 46-1.

                    Supersedes FIPS Publication 46,

                    (January, 1977; reaffirmed January, 1988).

                  - Data Encryption Algorithm, American National

                    Standards Institute.  ANSI X3.92-1981,

                    (December, 1980).

                  - DES Modes of Operation, National Institute of

                    Standards and Technology.  Federal Information

                    Processing Standard (FIPS) Publication 81,

                    (December, 1980).

                  - Data Encryption Algorithm - Modes of Operation,

                    American National Standards Institute.

                    ANSI X3.106-1983, (May 1983).

                 "

    ::= { snmpPrivProtocols 2 }

-- Textual Conventions ***********************************************

KeyChange ::=     TEXTUAL-CONVENTION

   STATUS         current

   DESCRIPTION

         "Every definition of an object with this syntax must identify

          a protocol P, a secret key K, and a hash algorithm H

          that produces output of L octets.

          The object's value is a manager-generated, partially-random

          value which, when modified, causes the value of the secret

          key K, to be modified via a one-way function.

          The value of an instance of this object is the concatenation

          of two components: first a 'random' component and then a

          'delta' component.

          The lengths of the random and delta components

          are given by the corresponding value of the protocol P;

          if P requires K to be a fixed length, the length of both the

          random and delta components is that fixed length; if P

          allows the length of K to be variable up to a particular

          maximum length, the length of the random component is that

          maximum length and the length of the delta component is any

          length less than or equal to that maximum length.

          For example, usmHMACMD5AuthProtocol requires K to be a fixed

          length of 16 octets and L - of 16 octets.

          usmHMACSHAAuthProtocol requires K to be a fixed length of

          20 octets and L - of 20 octets. Other protocols may define

          other sizes, as deemed appropriate.

          When a requester wants to change the old key K to a new

          key keyNew on a remote entity, the 'random' component is

          obtained from either a true random generator, or from a

          pseudorandom generator, and the 'delta' component is

          computed as follows:

           - a temporary variable is initialized to the existing value

             of K;

           - if the length of the keyNew is greater than L octets,

             then:

              - the random component is appended to the value of the

                temporary variable, and the result is input to the

                the hash algorithm H to produce a digest value, and

                the temporary variable is set to this digest value;

              - the value of the temporary variable is XOR-ed with

                the first (next) L-octets (16 octets in case of MD5)

                of the keyNew to produce the first (next) L-octets

                (16 octets in case of MD5) of the 'delta' component.

              - the above two steps are repeated until the unused

                portion of the keyNew component is L octets or less,

           - the random component is appended to the value of the

             temporary variable, and the result is input to the

             hash algorithm H to produce a digest value;

           - this digest value, truncated if necessary to be the same

             length as the unused portion of the keyNew, is XOR-ed

             with the unused portion of the keyNew to produce the

             (final portion of the) 'delta' component.

           For example, using MD5 as the hash algorithm H:

              iterations = (lenOfDelta - 1)/16; /* integer division */

              temp = keyOld;

              for (i = 0; i < iterations; i++) {

                  temp = MD5 (temp || random);

                  delta[i*16 .. (i*16)+15] =

                         temp XOR keyNew[i*16 .. (i*16)+15];

              }

              temp = MD5 (temp || random);

              delta[i*16 .. lenOfDelta-1] =

                     temp XOR keyNew[i*16 .. lenOfDelta-1];

          The 'random' and 'delta' components are then concatenated as

          described above, and the resulting octet string is sent to

          the recipient as the new value of an instance of this object.

          At the receiver side, when an instance of this object is set

          to a new value, then a new value of K is computed as follows:

           - a temporary variable is initialized to the existing value

             of K;

           - if the length of the delta component is greater than L

             octets, then:

              - the random component is appended to the value of the

                temporary variable, and the result is input to the

                hash algorithm H to produce a digest value, and the

                temporary variable is set to this digest value;

              - the value of the temporary variable is XOR-ed with

                the first (next) L-octets (16 octets in case of MD5)

                of the delta component to produce the first (next)

                L-octets (16 octets in case of MD5) of the new value

                of K.

              - the above two steps are repeated until the unused

                portion of the delta component is L octets or less,

           - the random component is appended to the value of the

             temporary variable, and the result is input to the

             hash algorithm H to produce a digest value;

           - this digest value, truncated if necessary to be the same

             length as the unused portion of the delta component, is

             XOR-ed with the unused portion of the delta component to

             produce the (final portion of the) new value of K.

           For example, using MD5 as the hash algorithm H:

              iterations = (lenOfDelta - 1)/16; /* integer division */

              temp = keyOld;

              for (i = 0; i < iterations; i++) {

                  temp = MD5 (temp || random);

                  keyNew[i*16 .. (i*16)+15] =

                         temp XOR delta[i*16 .. (i*16)+15];

              }

              temp = MD5 (temp || random);

              keyNew[i*16 .. lenOfDelta-1] =

                     temp XOR delta[i*16 .. lenOfDelta-1];

          The value of an object with this syntax, whenever it is

          retrieved by the management protocol, is always the zero

          length string.

          Note that the keyOld and keyNew are the localized keys.

          Note that it is probably wise that when an SNMP entity sends

          a SetRequest to change a key, that it keeps a copy of the old

          key until it has confirmed that the key change actually

          succeeded.

         "

    SYNTAX       OCTET STRING

-- Statistics for the User-based Security Model **********************

usmStats         OBJECT IDENTIFIER ::= { usmMIBObjects 1 }

usmStatsUnsupportedSecLevels OBJECT-TYPE

    SYNTAX       Counter32

    MAX-ACCESS   read-only

    STATUS       current

    DESCRIPTION "The total number of packets received by the SNMP

                 engine which were dropped because they requested a

                 securityLevel that was unknown to the SNMP engine

                 or otherwise unavailable.

                "

    ::= { usmStats 1 }

usmStatsNotInTimeWindows OBJECT-TYPE

    SYNTAX       Counter32

    MAX-ACCESS   read-only

    STATUS       current

    DESCRIPTION "The total number of packets received by the SNMP

                 engine which were dropped because they appeared

                 outside of the authoritative SNMP engine's window.

                "

    ::= { usmStats 2 }

usmStatsUnknownUserNames OBJECT-TYPE

    SYNTAX       Counter32

    MAX-ACCESS   read-only

    STATUS       current

    DESCRIPTION "The total number of packets received by the SNMP

                 engine which were dropped because they referenced a

                 user that was not known to the SNMP engine.

                "

    ::= { usmStats 3 }

usmStatsUnknownEngineIDs OBJECT-TYPE

    SYNTAX       Counter32

    MAX-ACCESS   read-only

    STATUS       current

    DESCRIPTION "The total number of packets received by the SNMP

                 engine which were dropped because they referenced an

                 snmpEngineID that was not known to the SNMP engine.

                "

    ::= { usmStats 4 }

usmStatsWrongDigests OBJECT-TYPE

    SYNTAX       Counter32

    MAX-ACCESS   read-only

    STATUS       current

    DESCRIPTION "The total number of packets received by the SNMP

                 engine which were dropped because they didn't

                 contain the expected digest value.

                "

    ::= { usmStats 5 }

usmStatsDecryptionErrors OBJECT-TYPE

    SYNTAX       Counter32

    MAX-ACCESS   read-only

    STATUS       current

    DESCRIPTION "The total number of packets received by the SNMP

                 engine which were dropped because they could not be

                 decrypted.

                "

    ::= { usmStats 6 }

-- The usmUser Group ************************************************

usmUser          OBJECT IDENTIFIER ::= { usmMIBObjects 2 }

usmUserSpinLock  OBJECT-TYPE

    SYNTAX       TestAndIncr

    MAX-ACCESS   read-write

    STATUS       current

    DESCRIPTION "An advisory lock used to allow several cooperating

                 Command Generator Applications to coordinate their

                 use of facilities to alter secrets in the

                 usmUserTable.

                "

    ::= { usmUser 1 }

-- The table of valid users for the User-based Security Model ********

usmUserTable     OBJECT-TYPE

    SYNTAX       SEQUENCE OF UsmUserEntry

    MAX-ACCESS   not-accessible

    STATUS       current

    DESCRIPTION "The table of users configured in the SNMP engine's

                 Local Configuration Datastore (LCD).

                 To create a new user (i.e., to instantiate a new

                 conceptual row in this table), it is recommended to

                 follow this procedure:

                   1)  GET(usmUserSpinLock.0) and save in sValue.

                   2)  SET(usmUserSpinLock.0=sValue,

                           usmUserCloneFrom=templateUser,

                           usmUserStatus=createAndWait)

                       You should use a template user to clone from

                       which has the proper auth/priv protocol defined.

                 If the new user is to use privacy:

                   3)  generate the keyChange value based on the secret

                       privKey of the clone-from user and the secret key

                       to be used for the new user. Let us call this

                       pkcValue.

                   4)  GET(usmUserSpinLock.0) and save in sValue.

                   5)  SET(usmUserSpinLock.0=sValue,

                           usmUserPrivKeyChange=pkcValue

                           usmUserPublic=randomValue1)

                   6)  GET(usmUserPulic) and check it has randomValue1.

                       If not, repeat steps 4-6.

                 If the new user will never use privacy:

                   7)  SET(usmUserPrivProtocol=usmNoPrivProtocol)

                 If the new user is to use authentication:

                   8)  generate the keyChange value based on the secret

                       authKey of the clone-from user and the secret key

                       to be used for the new user. Let us call this

                       akcValue.

                   9)  GET(usmUserSpinLock.0) and save in sValue.

                   10) SET(usmUserSpinLock.0=sValue,

                           usmUserAuthKeyChange=akcValue

                           usmUserPublic=randomValue2)

                   11) GET(usmUserPulic) and check it has randomValue2.

                       If not, repeat steps 9-11.

                 If the new user will never use authentication:

                   12) SET(usmUserAuthProtocol=usmNoAuthProtocol)

                 Finally, activate the new user:

                   13) SET(usmUserStatus=active)

                 The new user should now be available and ready to be

                 used for SNMPv3 communication. Note however that access

                 to MIB data must be provided via configuration of the

                 SNMP-VIEW-BASED-ACM-MIB.

                 The use of usmUserSpinlock is to avoid conflicts with

                 another SNMP command generator application which may

                 also be acting on the usmUserTable.

                "

    ::= { usmUser 2 }

usmUserEntry     OBJECT-TYPE

    SYNTAX       UsmUserEntry

    MAX-ACCESS   not-accessible

    STATUS       current

    DESCRIPTION "A user configured in the SNMP engine's Local

                 Configuration Datastore (LCD) for the User-based

                 Security Model.

                "

    INDEX       { usmUserEngineID,

                  usmUserName

                }

    ::= { usmUserTable 1 }

UsmUserEntry ::= SEQUENCE

    {

        usmUserEngineID         SnmpEngineID,

        usmUserName             SnmpAdminString,

        usmUserSecurityName     SnmpAdminString,

        usmUserCloneFrom        RowPointer,

        usmUserAuthProtocol     AutonomousType,

        usmUserAuthKeyChange    KeyChange,

        usmUserOwnAuthKeyChange KeyChange,

        usmUserPrivProtocol     AutonomousType,

        usmUserPrivKeyChange    KeyChange,

        usmUserOwnPrivKeyChange KeyChange,

        usmUserPublic           OCTET STRING,

        usmUserStorageType      StorageType,

        usmUserStatus           RowStatus

    }

usmUserEngineID  OBJECT-TYPE

    SYNTAX       SnmpEngineID

    MAX-ACCESS   not-accessible

    STATUS       current

    DESCRIPTION "An SNMP engine's administratively-unique identifier.

                 In a simple agent, this value is always that agent's

                 own snmpEngineID value.

                 The value can also take the value of the snmpEngineID

                 of a remote SNMP engine with which this user can

                 communicate.

                "

    ::= { usmUserEntry 1 }

usmUserName      OBJECT-TYPE

    SYNTAX       SnmpAdminString (SIZE(1..32))

    MAX-ACCESS   not-accessible

    STATUS       current

    DESCRIPTION "A human readable string representing the name of

                 the user.

                 This is the (User-based Security) Model dependent

                 security ID.

                "

    ::= { usmUserEntry 2 }

usmUserSecurityName OBJECT-TYPE

    SYNTAX       SnmpAdminString

    MAX-ACCESS   read-only

    STATUS       current

    DESCRIPTION "A human readable string representing the user in

                 Security Model independent format.

                 The default transformation of the User-based Security

                 Model dependent security ID to the securityName and

                 vice versa is the identity function so that the

                 securityName is the same as the userName.

                "

    ::= { usmUserEntry 3 }

usmUserCloneFrom OBJECT-TYPE

    SYNTAX       RowPointer

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "A pointer to another conceptual row in this

                 usmUserTable.  The user in this other conceptual

                 row is called the clone-from user.

                 When a new user is created (i.e., a new conceptual

                 row is instantiated in this table), the privacy and

                 authentication parameters of the new user must be

                 cloned from its clone-from user. These parameters are:

                   - authentication protocol (usmUserAuthProtocol)

                   - privacy protocol (usmUserPrivProtocol)

                 They will be copied regardless of what the current

                 value is.

                 Cloning also causes the initial values of the secret

                 authentication key (authKey) and the secret encryption

                 key (privKey) of the new user to be set to the same

                 values as the corresponding secrets of the clone-from

                 user to allow the KeyChange process to occur as

                 required during user creation.

                 The first time an instance of this object is set by

                 a management operation (either at or after its

                 instantiation), the cloning process is invoked.

                 Subsequent writes are successful but invoke no

                 action to be taken by the receiver.

                 The cloning process fails with an 'inconsistentName'

                 error if the conceptual row representing the

                 clone-from user does not exist or is not in an active

                 state when the cloning process is invoked.

                 When this object is read, the ZeroDotZero OID

                 is returned.

                "

    ::= { usmUserEntry 4 }

usmUserAuthProtocol OBJECT-TYPE

    SYNTAX       AutonomousType

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "An indication of whether messages sent on behalf of

                 this user to/from the SNMP engine identified by

                 usmUserEngineID, can be authenticated, and if so,

                 the type of authentication protocol which is used.

                 An instance of this object is created concurrently

                 with the creation of any other object instance for

                 the same user (i.e., as part of the processing of

                 the set operation which creates the first object

                 instance in the same conceptual row).

                 If an initial set operation (i.e. at row creation time)

                 tries to set a value for an unknown or unsupported

                 protocol, then a 'wrongValue' error must be returned.

                 The value will be overwritten/set when a set operation

                 is performed on the corresponding instance of

                 usmUserCloneFrom.

                 Once instantiated, the value of such an instance of

                 this object can only be changed via a set operation to

                 the value of the usmNoAuthProtocol.

                 If a set operation tries to change the value of an

                 existing instance of this object to any value other

                 than usmNoAuthProtocol, then an 'inconsistentValue'

                 error must be returned.

                 If a set operation tries to set the value to the

                 usmNoAuthProtocol while the usmUserPrivProtocol value

                 in the same row is not equal to usmNoPrivProtocol,

                 then an 'inconsistentValue' error must be returned.

                 That means that an SNMP command generator application

                 must first ensure that the usmUserPrivProtocol is set

                 to the usmNoPrivProtocol value before it can set

                 the usmUserAuthProtocol value to usmNoAuthProtocol.

                "

    DEFVAL      { usmNoAuthProtocol }

    ::= { usmUserEntry 5 }

usmUserAuthKeyChange OBJECT-TYPE

    SYNTAX       KeyChange   -- typically (SIZE (0 | 32)) for HMACMD5

                             -- typically (SIZE (0 | 40)) for HMACSHA

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "An object, which when modified, causes the secret

                 authentication key used for messages sent on behalf

                 of this user to/from the SNMP engine identified by

                 usmUserEngineID, to be modified via a one-way

                 function.

                 The associated protocol is the usmUserAuthProtocol.

                 The associated secret key is the user's secret

                 authentication key (authKey). The associated hash

                 algorithm is the algorithm used by the user's

                 usmUserAuthProtocol.

                 When creating a new user, it is an 'inconsistentName'

                 error for a set operation to refer to this object

                 unless it is previously or concurrently initialized

                 through a set operation on the corresponding instance

                 of usmUserCloneFrom.

                 When the value of the corresponding usmUserAuthProtocol

                 is usmNoAuthProtocol, then a set is successful, but

                 effectively is a no-op.

                 When this object is read, the zero-length (empty)

                 string is returned.

                 The recommended way to do a key change is as follows:

                   1) GET(usmUserSpinLock.0) and save in sValue.

                   2) generate the keyChange value based on the old

                      (existing) secret key and the new secret key,

                      let us call this kcValue.

                 If you do the key change on behalf of another user:

                   3) SET(usmUserSpinLock.0=sValue,

                          usmUserAuthKeyChange=kcValue

                          usmUserPublic=randomValue)

                 If you do the key change for yourself:

                   4) SET(usmUserSpinLock.0=sValue,

                          usmUserOwnAuthKeyChange=kcValue

                          usmUserPublic=randomValue)

                 If you get a response with error-status of noError,

                 then the SET succeeded and the new key is active.

                 If you do not get a response, then you can issue a

                 GET(usmUserPublic) and check if the value is equal

                 to the randomValue you did send in the SET. If so, then

                 the key change succeeded and the new key is active

                 (probably the response got lost). If not, then the SET

                 request probably never reached the target and so you

                 can start over with the procedure above.

                "

    DEFVAL      { ''H }    -- the empty string

    ::= { usmUserEntry 6 }

usmUserOwnAuthKeyChange OBJECT-TYPE

    SYNTAX       KeyChange   -- typically (SIZE (0 | 32)) for HMACMD5

                             -- typically (SIZE (0 | 40)) for HMACSHA

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "Behaves exactly as usmUserAuthKeyChange, with one

                 notable difference: in order for the set operation

                 to succeed, the usmUserName of the operation

                 requester must match the usmUserName that

                 indexes the row which is targeted by this

                 operation.

                 In addition, the USM security model must be

                 used for this operation.

                 The idea here is that access to this column can be

                 public, since it will only allow a user to change

                 his own secret authentication key (authKey).

                 Note that this can only be done once the row is active.

                 When a set is received and the usmUserName of the

                 requester is not the same as the umsUserName that

                 indexes the row which is targeted by this operation,

                 then a 'noAccess' error must be returned.

                 When a set is received and the security model in use

                 is not USM, then a 'noAccess' error must be returned.

                "

    DEFVAL      { ''H }    -- the empty string

    ::= { usmUserEntry 7 }

usmUserPrivProtocol OBJECT-TYPE

    SYNTAX       AutonomousType

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "An indication of whether messages sent on behalf of

                 this user to/from the SNMP engine identified by

                 usmUserEngineID, can be protected from disclosure,

                 and if so, the type of privacy protocol which is used.

                 An instance of this object is created concurrently

                 with the creation of any other object instance for

                 the same user (i.e., as part of the processing of

                 the set operation which creates the first object

                 instance in the same conceptual row).

                 If an initial set operation (i.e. at row creation time)

                 tries to set a value for an unknown or unsupported

                 protocol, then a 'wrongValue' error must be returned.

                 The value will be overwritten/set when a set operation

                 is performed on the corresponding instance of

                 usmUserCloneFrom.

                 Once instantiated, the value of such an instance of

                 this object can only be changed via a set operation to

                 the value of the usmNoPrivProtocol.

                 If a set operation tries to change the value of an

                 existing instance of this object to any value other

                 than usmNoPrivProtocol, then an 'inconsistentValue'

                 error must be returned.

                 Note that if any privacy protocol is used, then you

                 must also use an authentication protocol. In other

                 words, if usmUserPrivProtocol is set to anything else

                 than usmNoPrivProtocol, then the corresponding instance

                 of usmUserAuthProtocol cannot have a value of

                 usmNoAuthProtocol. If it does, then an

                 'inconsistentValue' error must be returned.

                "

    DEFVAL      { usmNoPrivProtocol }

    ::= { usmUserEntry 8 }

usmUserPrivKeyChange OBJECT-TYPE

    SYNTAX       KeyChange  -- typically (SIZE (0 | 32)) for DES

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "An object, which when modified, causes the secret

                 encryption key used for messages sent on behalf

                 of this user to/from the SNMP engine identified by

                 usmUserEngineID, to be modified via a one-way

                 function.

                 The associated protocol is the usmUserPrivProtocol.

                 The associated secret key is the user's secret

                 privacy key (privKey). The associated hash

                 algorithm is the algorithm used by the user's

                 usmUserAuthProtocol.

                 When creating a new user, it is an 'inconsistentName'

                 error for a set operation to refer to this object

                 unless it is previously or concurrently initialized

                 through a set operation on the corresponding instance

                 of usmUserCloneFrom.

                 When the value of the corresponding usmUserPrivProtocol

                 is usmNoPrivProtocol, then a set is successful, but

                 effectively is a no-op.

                 When this object is read, the zero-length (empty)

                 string is returned.

                 See the description clause of usmUserAuthKeyChange for

                 a recommended procedure to do a key change.

                "

    DEFVAL      { ''H }    -- the empty string

    ::= { usmUserEntry 9 }

usmUserOwnPrivKeyChange OBJECT-TYPE

    SYNTAX       KeyChange  -- typically (SIZE (0 | 32)) for DES

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "Behaves exactly as usmUserPrivKeyChange, with one

                 notable difference: in order for the Set operation

                 to succeed, the usmUserName of the operation

                 requester must match the usmUserName that indexes

                 the row which is targeted by this operation.

                 In addition, the USM security model must be

                 used for this operation.

                 The idea here is that access to this column can be

                 public, since it will only allow a user to change

                 his own secret privacy key (privKey).

                 Note that this can only be done once the row is active.

                 When a set is received and the usmUserName of the

                 requester is not the same as the umsUserName that

                 indexes the row which is targeted by this operation,

                 then a 'noAccess' error must be returned.

                 When a set is received and the security model in use

                 is not USM, then a 'noAccess' error must be returned.

                "

    DEFVAL      { ''H }    -- the empty string

    ::= { usmUserEntry 10 }

usmUserPublic    OBJECT-TYPE

    SYNTAX       OCTET STRING (SIZE(0..32))

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "A publicly-readable value which can be written as part

                 of the procedure for changing a user's secret

                 authentication and/or privacy key, and later read to

                 determine whether the change of the secret was

                 effected.

                "

    DEFVAL      { ''H }  -- the empty string

    ::= { usmUserEntry 11 }

usmUserStorageType OBJECT-TYPE

    SYNTAX       StorageType

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "The storage type for this conceptual row.

                 Conceptual rows having the value 'permanent' must

                 allow write-access at a minimum to:

                 - usmUserAuthKeyChange, usmUserOwnAuthKeyChange

                   and usmUserPublic for a user who employs

                   authentication, and

                 - usmUserPrivKeyChange, usmUserOwnPrivKeyChange

                   and usmUserPublic for a user who employs

                   privacy.

                 Note that any user who employs authentication or

                 privacy must allow its secret(s) to be updated and

                 thus cannot be 'readOnly'.

                 If an initial set operation tries to set the value to

                 'readOnly' for a user who employs authentication or

                 privacy, then an 'inconsistentValue' error must be

                 returned.  Note that if the value has been previously

                 set (implicit or explicit) to any value, then the rules

                 as defined in the StorageType Textual Convention apply.

                 It is an implementation issue to decide if a SET for

                 a readOnly or permanent row is accepted at all. In some

                 contexts this may make sense, in others it may not. If

                 a SET for a readOnly or permanent row is not accepted

                 at all, then a 'wrongValue' error must be returned.

                "

    DEFVAL      { nonVolatile }

    ::= { usmUserEntry 12 }

usmUserStatus    OBJECT-TYPE

    SYNTAX       RowStatus

    MAX-ACCESS   read-create

    STATUS       current

    DESCRIPTION "The status of this conceptual row.

                 Until instances of all corresponding columns are

                 appropriately configured, the value of the

                 corresponding instance of the usmUserStatus column

                 is 'notReady'.

                 In particular, a newly created row for a user who

                 employs authentication, cannot be made active until the

                 corresponding usmUserCloneFrom and usmUserAuthKeyChange

                 have been set.

                 Further, a newly created row for a user who also

                 employs privacy, cannot be made active until the

                 usmUserPrivKeyChange has been set.

                 The RowStatus TC [RFC2579] requires that this

                 DESCRIPTION clause states under which circumstances

                 other objects in this row can be modified:

                 The value of this object has no effect on whether

                 other objects in this conceptual row can be modified,

                 except for usmUserOwnAuthKeyChange and

                 usmUserOwnPrivKeyChange. For these 2 objects, the

                 value of usmUserStatus MUST be active.

                "

    ::= { usmUserEntry 13 }

-- Conformance Information *******************************************

usmMIBCompliances OBJECT IDENTIFIER ::= { usmMIBConformance 1 }

usmMIBGroups      OBJECT IDENTIFIER ::= { usmMIBConformance 2 }

-- Compliance statements

usmMIBCompliance MODULE-COMPLIANCE

    STATUS       current

    DESCRIPTION "The compliance statement for SNMP engines which

                 implement the SNMP-USER-BASED-SM-MIB.

                "

    MODULE       -- this module

        MANDATORY-GROUPS { usmMIBBasicGroup }

        OBJECT           usmUserAuthProtocol

        MIN-ACCESS       read-only

        DESCRIPTION     "Write access is not required."

        OBJECT           usmUserPrivProtocol

        MIN-ACCESS       read-only

        DESCRIPTION     "Write access is not required."