usmUserAuthKeyChange
SNMP-USER-BASED-SM-MIB
.1.3.6.1.6.3.15.1.2.2.1.6
Object
column
r/w
KeyChange
An object, which when modified, causes the secret authentication key used for messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, to be modified via a one-way function.

The associated protocol is the usmUserAuthProtocol. The associated secret key is the user's secret authentication key (authKey). The associated hash algorithm is the algorithm used by the user's usmUserAuthProtocol.

When creating a new user, it is an 'inconsistentName' error for a set operation to refer to this object unless it is previously or concurrently initialized through a set operation on the corresponding instance of usmUserCloneFrom.

When the value of the corresponding usmUserAuthProtocol is usmNoAuthProtocol, then a set is successful, but effectively is a no-op.

When this object is read, the zero-length (empty) string is returned.

The recommended way to do a key change is as follows:

1) GET(usmUserSpinLock.0) and save in sValue.
2) generate the keyChange value based on the old (existing) secret key and the new secret key, let us call this kcValue.

If you do the key change on behalf of another user:

3) SET(usmUserSpinLock.0=sValue,
       usmUserAuthKeyChange=kcValue,
       usmUserPublic=randomValue)

If you do the key change for yourself:

4) SET(usmUserSpinLock.0=sValue,
       usmUserOwnAuthKeyChange=kcValue,
       usmUserPublic=randomValue)

If you get a response with error-status of noError, then the SET succeeded and the new key is active. If you do not get a response, then you can issue a GET(usmUserPublic) and check if the value is equal to the randomValue you did send in the SET. If so, then the key change succeeded and the new key is active (probably the response got lost). If not, then the SET request probably never reached the target and so you can start over with the procedure above.
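
Step 2 of the procedure, as an added example that is not part of the MIB text: the page does not spell out the one-way function, so this follows the KeyChange textual convention in RFC 3414 for usmHMACMD5AuthProtocol and usmHMACSHAAuthProtocol, where kcValue is random || (H(keyOld || random) XOR keyNew). The function names and the sample keys are assumptions made for illustration; the keys are taken as already-localized octet strings.

```python
import hashlib
import os
from typing import Optional

# Hash per auth protocol; for both, key length equals the digest length.
PROTOCOLS = {
    "usmHMACMD5AuthProtocol": hashlib.md5,   # 16-octet authKey
    "usmHMACSHAAuthProtocol": hashlib.sha1,  # 20-octet authKey
}


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_key_change(protocol: str, key_old: bytes, key_new: bytes,
                    random: Optional[bytes] = None) -> bytes:
    """Requester side: build kcValue for usmUser(Own)AuthKeyChange."""
    h = PROTOCOLS[protocol]
    size = h().digest_size
    if len(key_old) != size or len(key_new) != size:
        raise ValueError(f"{protocol} keys must be {size} octets")
    random = os.urandom(size) if random is None else random
    if len(random) != size:
        raise ValueError(f"random component must be {size} octets")
    delta = _xor(h(key_old + random).digest(), key_new)
    return random + delta  # keyNew never appears in the clear


def apply_key_change(protocol: str, key_old: bytes, kc_value: bytes) -> bytes:
    """Agent side: recover keyNew from a received kcValue."""
    h = PROTOCOLS[protocol]
    size = h().digest_size
    if len(kc_value) != 2 * size:
        raise ValueError("kcValue must be twice the key length")
    random, delta = kc_value[:size], kc_value[size:]
    return _xor(h(key_old + random).digest(), delta)


if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    old, new = bytes(range(20)), bytes(range(100, 120))
    kc = make_key_change("usmHMACSHAAuthProtocol", old, new)
    public = os.urandom(8)  # randomValue written to usmUserPublic in the same SET
    assert apply_key_change("usmHMACSHAAuthProtocol", old, kc) == new
    print("kcValue:", kc.hex(), "usmUserPublic:", public.hex())
```

Because the agent recovers keyNew from keyOld and kcValue alone, anyone holding the old authKey who observes the SET can do the same; the construction protects the new key only from parties that do not know the old one.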

Context
- MIB: SNMP-USER-BASED-SM-MIB
- OID: .1.3.6.1.6.3.15.1.2.2.1.6
- Type: column
- Access: readwrite
- Status: current
- Parent: usmUserEntry
- Table: usmUserTable
- Siblings: 12

Syntax
KeyChange
- Source: KeyChange
- Base type: OctetString

Values & Constraints
No enumerated values or constraints recorded.

Related Objects
Sibling Objects
| Object | Description | Type | Syntax | OID |
|---|---|---|---|---|
| usmUserEngineID | An SNMP engine's administratively-unique identifier. In a simple agent, this value is always that agent's own snmpEngineID value. The value can also … | column | SNMP-FRAMEWORK-MIB::SnmpEngineID | .1.3.6.1.6.3.15.1.2.2.1.1 |
| usmUserOwnPrivKeyChange | Behaves exactly as usmUserPrivKeyChange, with one notable difference: in order for the Set operation to succeed, the usmUserName of the operation requester must match the usmUserN… | column | KeyChange | .1.3.6.1.6.3.15.1.2.2.1.10 |
| usmUserPublic | A publicly-readable value which can be written as part of the procedure for changing a user's secret authentication and/or privacy key, and later read to determine whether the cha… | column | OctetString | .1.3.6.1.6.3.15.1.2.2.1.11 |
| usmUserStorageType | The storage type for this conceptual row. Conceptual rows having the value 'permanent' must allow write-access at a minimum to: - usmUserAuthKeyChang… | column | SNMPv2-TC::StorageType | .1.3.6.1.6.3.15.1.2.2.1.12 |
| usmUserStatus | The status of this conceptual row. Until instances of all corresponding columns are appropriately configured, the value of the corresponding instance of the usmUser… | column | SNMPv2-TC::RowStatus | .1.3.6.1.6.3.15.1.2.2.1.13 |
| usmUserName | A human readable string representing the name of the user. This is the (User-based Security) Model dependent security ID. | column | OctetString | .1.3.6.1.6.3.15.1.2.2.1.2 |
| usmUserSecurityName | A human readable string representing the user in Security Model independent format. The default transformation of the User-based Security Model dependent security I… | column | SNMP-FRAMEWORK-MIB::SnmpAdminString | .1.3.6.1.6.3.15.1.2.2.1.3 |
| usmUserCloneFrom | A pointer to another conceptual row in this usmUserTable. The user in this other conceptual row is called the clone-from user. When a new user is created (i.e., a … | column | SNMPv2-TC::RowPointer | .1.3.6.1.6.3.15.1.2.2.1.4 |
| usmUserAuthProtocol | An indication of whether messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, can be authenticated, and if so, the type of authentication pr… | column | SNMPv2-TC::AutonomousType | .1.3.6.1.6.3.15.1.2.2.1.5 |
| usmUserOwnAuthKeyChange | Behaves exactly as usmUserAuthKeyChange, with one notable difference: in order for the set operation to succeed, the usmUserName of the operation requester must match the usmUserN… | column | KeyChange | .1.3.6.1.6.3.15.1.2.2.1.7 |
| usmUserPrivProtocol | An indication of whether messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, can be protected from disclosure, and if so, the type of priva… | column | SNMPv2-TC::AutonomousType | .1.3.6.1.6.3.15.1.2.2.1.8 |
| usmUserPrivKeyChange | An object, which when modified, causes the secret encryption key used for messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, to be modifie… | column | KeyChange | .1.3.6.1.6.3.15.1.2.2.1.9 |