docs/mibs/PYSNMP-USM-MIB.txt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211

PYSNMP-USM-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE
        FROM SNMPv2-SMI
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    usmUserEntry
        FROM SNMP-USER-BASED-SM-MIB
    RowStatus
        FROM SNMPv2-TC
    pysnmpModuleIDs
        FROM PYSNMP-MIB;

pysnmpUsmMIB MODULE-IDENTITY
    LAST-UPDATED "201704140000Z"
    ORGANIZATION "The PySNMP Project"
    CONTACT-INFO "E-mail: Ilya Etingof <etingof@gmail.com>
                  GitHub: https://github.com/etingof/pysnmp"
    DESCRIPTION
        "This MIB module defines objects specific to User
         Security Model (USM) implementation at PySNMP."
    REVISION    "201908300000Z"
    DESCRIPTION "Added USM key types"
    REVISION    "201707300000Z"
    DESCRIPTION "Extended authentication key size"
    REVISION    "201704140000Z"
    DESCRIPTION "Updated addresses"
    REVISION "200505140000Z"          -- 14 May 2005, midnight
    DESCRIPTION "The Initial Revision"
    ::= { pysnmpModuleIDs 1 }

-- Administrative assignments ****************************************

pysnmpUsmMIBObjects     OBJECT IDENTIFIER ::= { pysnmpUsmMIB 1 }
pysnmpUsmMIBConformance OBJECT IDENTIFIER ::= { pysnmpUsmMIB 2 }

-- Implementation-specific SNMP engine configuration

pysnmpUsmCfg    OBJECT IDENTIFIER ::= { pysnmpUsmMIBObjects 1 }

pysnmpUsmDiscoverable OBJECT-TYPE
    SYNTAX       INTEGER { notDiscoverable(0), discoverable(1) }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION "Whether SNMP engine would support its discovery by
                 responding to unknown clients."
    DEFVAL      { discoverable }
    ::= { pysnmpUsmCfg 1 }

pysnmpUsmDiscovery OBJECT-TYPE
    SYNTAX       INTEGER { doNotDiscover(0), doDiscover(1) }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION "Whether SNMP engine would try to figure out the EngineIDs
                 of its peers by sending discover requests."
    DEFVAL      { doDiscover }
    ::= { pysnmpUsmCfg 2 }

pysnmpUsmKeyType OBJECT-TYPE
    SYNTAX       INTEGER { passphrase (0), master(1), localized(2) }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "When configuring USM user, the value of this enumeration
                 determines how the keys should be treated. The default
                 value "passphrase" means that given keys are plain-text
                 pass-phrases, "master" indicates that the keys are pre-hashed
                 pass-phrases, while "localized" stands for pre-hashed
                 pass-phrases mixed with SNMP Security Engine ID value."
    DEFVAL      { passphrase }
    ::= { pysnmpUsmCfg 3 }

-- The usmUser Group ************************************************

pysnmpUsmUser       OBJECT IDENTIFIER ::= { pysnmpUsmMIBObjects 3 }

--
-- The pysnmpUsmSecretTable contains a database of USM users passphrases
-- used for key localization. This table may be consulted during SNMP engine-ID
-- autodiscovery procedure.
--

pysnmpUsmSecretTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF PysnmpUsmSecretEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The table of USM users passphrases configured in the SNMP 
         engine's Local Configuration Datastore (LCD)."
    ::= { pysnmpUsmMIBObjects 2 }

pysnmpUsmSecretEntry OBJECT-TYPE
    SYNTAX       PysnmpUsmSecretEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "Information about a particular USM user credentials."
    INDEX       { IMPLIED pysnmpUsmSecretUserName }
    ::= { pysnmpUsmSecretTable 1 }

PysnmpUsmSecretEntry ::= SEQUENCE {
    pysnmpUsmSecretUserName       SnmpAdminString,
    pysnmpUsmSecretAuthKey        OCTET STRING,
    pysnmpUsmSecretPrivKey        OCTET STRING,
    pysnmpUsmSecretStatus         RowStatus
}

pysnmpUsmSecretUserName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The username string for which a row in this table
         represents a configuration."
    ::= { pysnmpUsmSecretEntry 1 }

pysnmpUsmSecretAuthKey OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(8..65535)) -- no upper limit in RFC
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "User's authentication passphrase used for localized key generation."
    ::= { pysnmpUsmSecretEntry 2 }

pysnmpUsmSecretPrivKey OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(8..65535)) -- no upper limit in RFC
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "User's encryption passphrase used for localized key generation."
    ::= { pysnmpUsmSecretEntry 3 }

pysnmpUsmSecretStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "Table status"
    ::= { pysnmpUsmSecretEntry 4 }

--
-- The pysnmpUsmKeysTable contains a database of USM users' localized
-- keys.
--

pysnmpUsmKeyTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF PysnmpUsmKeyEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The table of USM users localized keys configured in the 
         SNMP engine's Local Configuration Datastore (LCD)."
    ::= { pysnmpUsmMIBObjects 3 }

pysnmpUsmKeyEntry OBJECT-TYPE
    SYNTAX       PysnmpUsmKeyEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "Information about a particular USM user credentials."
    AUGMENTS    { usmUserEntry }
    ::= { pysnmpUsmKeyTable 1 }

PysnmpUsmKeyEntry ::= SEQUENCE {
    pysnmpUsmKeyAuthLocalized       OCTET STRING,
    pysnmpUsmKeyPrivLocalized       OCTET STRING,
    pysnmpUsmKeyAuth                OCTET STRING,
    pysnmpUsmKeyPriv                OCTET STRING
}

pysnmpUsmKeyAuthLocalized OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(8..64))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "User's localized key used for authentication."
    ::= { pysnmpUsmKeyEntry 1 }

pysnmpUsmKeyPrivLocalized OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(8..64))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "User's localized key used for encryption."
    ::= { pysnmpUsmKeyEntry 2 }

pysnmpUsmKeyAuth OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(8..64))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "User's non-localized key used for authentication."
    ::= { pysnmpUsmKeyEntry 3 }

pysnmpUsmKeyPriv OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(8..64))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "User's non-localized key used for encryption."
    ::= { pysnmpUsmKeyEntry 4 }

-- Conformance Information *******************************************

pysnmpUsmMIBCompliances OBJECT IDENTIFIER
                            ::= { pysnmpUsmMIBConformance 1 }
pysnmpUsmMIBGroups      OBJECT IDENTIFIER
                            ::= { pysnmpUsmMIBConformance 2 }

END