SNMP-USER-BASED-SM-MIB Table View

Table-centric layout grouping table, row, and column objects.

Standard view Table view

Tables

Rows

Columns

usmUserTable

table

.1.3.6.1.6.3.15.1.2.2 · 1 row entry · 13 columns

Open in standard view

The table of users configured in the SNMP engine's
Local Configuration Datastore (LCD).
          
To create a new user (i.e., to instantiate a new
conceptual row in this table), it is recommended to
follow this procedure:
          
  1)  GET(usmUserSpinLock.0) and save in sValue.
          
  2)  SET(usmUserSpinLock.0=sValue,
          usmUserCloneFrom=templateUser,
          usmUserStatus=createAndWait)
      You should use a template user to clone from
      which has the proper auth/priv protocol defined.
          
If the new user is to use privacy:
          
  3)  generate the keyChange value based on the secret
      privKey of the clone-from user and the secret key
      to be used for the new user. Let us call this
      pkcValue.
  4)  GET(usmUserSpinLock.0) and save in sValue.
  5)  SET(usmUserSpinLock.0=sValue,
          usmUserPrivKeyChange=pkcValue
          usmUserPublic=randomValue1)
  6)  GET(usmUserPulic) and check it has randomValue1.
      If not, repeat steps 4-6.
          
If the new user will never use privacy:
          
  7)  SET(usmUserPrivProtocol=usmNoPrivProtocol)
          
If the new user is to use authentication:
          
  8)  generate the keyChange value based on the secret
      authKey of the clone-from user and the secret key
      to be used for the new user. Let us call this
      akcValue.
  9)  GET(usmUserSpinLock.0) and save in sValue.
  10) SET(usmUserSpinLock.0=sValue,
          usmUserAuthKeyChange=akcValue
          usmUserPublic=randomValue2)
  11) GET(usmUserPulic) and check it has randomValue2.
      If not, repeat steps 9-11.
          
If the new user will never use authentication:
          
  12) SET(usmUserAuthProtocol=usmNoAuthProtocol)
          
Finally, activate the new user:
          
  13) SET(usmUserStatus=active)
          
The new user should now be available and ready to be
used for SNMPv3 communication. Note however that access
to MIB data must be provided via configuration of the
SNMP-VIEW-BASED-ACM-MIB.
          
The use of usmUserSpinlock is to avoid conflicts with
another SNMP command generator application which may
also be acting on the usmUserTable.

usmUserEntry entry .1.3.6.1.6.3.15.1.2.2.1

A user configured in the SNMP engine's Local
Configuration Datastore (LCD) for the User-based
Security Model.

Indexes

usmUserEngineID usmUserName

Column Syntax OID

usmUserEngineID

An SNMP engine's administratively-unique identifier.

In a simple agent, this value is always that agent's
own snmpEngineID value.

The value can also take the value of the snmpEngineID
of a …

SNMP-FRAMEWORK-MIBSnmpEngineID

Textual Convention: SNMP-FRAMEWORK-MIBSnmpEngineID OctetString

Type Constraints:
range: 5..32

.1.3.6.1.6.3.15.1.2.2.1.1

usmUserName

A human readable string representing the name of
the user.

This is the (User-based Security) Model dependent
security ID.

OctetString

Constraints:
range: 1-32

.1.3.6.1.6.3.15.1.2.2.1.2

usmUserSecurityName

A human readable string representing the user in
Security Model independent format.

The default transformation of the User-based Security
Model dependent security ID to the securityName and
vice versa is …

SNMP-FRAMEWORK-MIBSnmpAdminString

Textual Convention: SNMP-FRAMEWORK-MIBSnmpAdminString OctetString

Type Constraints:
range: 0..255

.1.3.6.1.6.3.15.1.2.2.1.3

usmUserCloneFrom

A pointer to another conceptual row in this
usmUserTable. The user in this other conceptual
row is called the clone-from user.

When a new user is created (i.e., a new conceptual
row is instantiated in th…

SNMPv2-TCRowPointerr/w

Textual Convention: SNMPv2-TCRowPointer ObjectIdentifier

.1.3.6.1.6.3.15.1.2.2.1.4

usmUserAuthProtocol

An indication of whether messages sent on behalf of
this user to/from the SNMP engine identified by
usmUserEngineID, can be authenticated, and if so,
the type of authentication protocol which is used.

An …

SNMPv2-TCAutonomousTyper/w

Textual Convention: SNMPv2-TCAutonomousType ObjectIdentifier

.1.3.6.1.6.3.15.1.2.2.1.5

usmUserAuthKeyChange

An object, which when modified, causes the secret
authentication key used for messages sent on behalf
of this user to/from the SNMP engine identified by
usmUserEngineID, to be modified via a one-way
function.
…

KeyChanger/w

Textual Convention: KeyChange OctetString

.1.3.6.1.6.3.15.1.2.2.1.6

usmUserOwnAuthKeyChange

Behaves exactly as usmUserAuthKeyChange, with one
notable difference: in order for the set operation
to succeed, the usmUserName of the operation
requester must match the usmUserName that
indexes the row which is target…

KeyChanger/w

Textual Convention: KeyChange OctetString

.1.3.6.1.6.3.15.1.2.2.1.7

usmUserPrivProtocol

An indication of whether messages sent on behalf of
this user to/from the SNMP engine identified by
usmUserEngineID, can be protected from disclosure,
and if so, the type of privacy protocol which is used.
…

SNMPv2-TCAutonomousTyper/w

Textual Convention: SNMPv2-TCAutonomousType ObjectIdentifier

.1.3.6.1.6.3.15.1.2.2.1.8

usmUserPrivKeyChange

An object, which when modified, causes the secret
encryption key used for messages sent on behalf
of this user to/from the SNMP engine identified by
usmUserEngineID, to be modified via a one-way
function.
…

KeyChanger/w

Textual Convention: KeyChange OctetString

.1.3.6.1.6.3.15.1.2.2.1.9

usmUserOwnPrivKeyChange

Behaves exactly as usmUserPrivKeyChange, with one
notable difference: in order for the Set operation
to succeed, the usmUserName of the operation
requester must match the usmUserName that indexes

the row …

KeyChanger/w

Textual Convention: KeyChange OctetString

.1.3.6.1.6.3.15.1.2.2.1.10

usmUserPublic

A publicly-readable value which can be written as part
of the procedure for changing a user's secret
authentication and/or privacy key, and later read to
determine whether the change of the secret was
effected.

OctetStringr/w

Constraints:
range: 0-32

.1.3.6.1.6.3.15.1.2.2.1.11

usmUserStorageType

The storage type for this conceptual row.

Conceptual rows having the value 'permanent' must
allow write-access at a minimum to:

- usmUserAuthKeyChange, usmUserOwnAuthKeyChange
and usmUser…

SNMPv2-TCStorageTyper/w

Textual Convention: SNMPv2-TCStorageType Enumeration

Type Values:

1	other
2	volatile
3	nonVolatile
4	permanent
5	readOnly

.1.3.6.1.6.3.15.1.2.2.1.12

usmUserStatus

The status of this conceptual row.

Until instances of all corresponding columns are
appropriately configured, the value of the
corresponding instance of the usmUserStatus column
is 'notReady'.
…

SNMPv2-TCRowStatusr/w

Textual Convention: SNMPv2-TCRowStatus Enumeration

Type Values:

1	active
2	notInService
3	notReady
4	createAndGo
5	createAndWait
6	destroy

.1.3.6.1.6.3.15.1.2.2.1.13