IPS-AUTH-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32,
    mib-2
        FROM SNMPv2-SMI                       -- RFC 2578

    TEXTUAL-CONVENTION, RowStatus, AutonomousType, StorageType
        FROM SNMPv2-TC                        -- RFC 2579

    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF                      -- RFC 2580

    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB               -- RFC 3411

    AddressFamilyNumbers
        FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB
    ;

ipsAuthMibModule MODULE-IDENTITY
    LAST-UPDATED  "200605220000Z" -- May 22, 2006
    ORGANIZATION  "IETF IPS Working Group"
    CONTACT-INFO
        "
        Postal: Cisco Systems, Inc
        7900 International Drive, Suite 400

        E-mail: mbakke@cisco.com

        E-Mail: james.muchow@qlogic.com"
    DESCRIPTION
        "The IP Storage Authorization MIB module.
        Copyright (C) The Internet Society (2006).  This version of
        this MIB module is part of RFC 4545; see the RFC itself for
        full legal notices."
    REVISION "200605220000Z" -- May 22, 2006
    DESCRIPTION
        "Initial version of the IP Storage Authentication MIB module,
        published as RFC 4545"
    ::= { mib-2 141 }

ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthMibModule 0 }
ipsAuthObjects       OBJECT IDENTIFIER ::= { ipsAuthMibModule 1 }
ipsAuthConformance   OBJECT IDENTIFIER ::= { ipsAuthMibModule 2 }

-- Textual Conventions

IpsAuthAddress ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
        "IP Storage requires the use of address information
        that uses not only the InetAddress type defined in the
        INET-ADDRESS-MIB, but also Fibre Channel type defined
        in the Fibre Channel Management MIB.  Although these
        address types are recognized in the IANA Address Family
        Numbers MIB, the addressing mechanisms have not been
        merged into a well-known, common type.  This data type,
        the IpsAuthAddress, performs the merging for this MIB
        module.

        The formats of objects of this type are determined by
        a corresponding object with syntax AddressFamilyNumbers,
        and thus every object defined using this TC must
        identify the object with syntax AddressFamilyNumbers
        that specifies its type.

        The syntax and semantics of this object depend on the
        identified AddressFamilyNumbers object as follows:

        AddressFamilyNumbers   this object
        ====================   ===========
        ipV4(1)                restricted to the same syntax and
                               semantics as the InetAddressIPv4 TC.

        ipV6(2)                restricted to the same syntax and
                               semantics as the InetAddressIPv6 TC.

        fibreChannelWWPN(22)
        & fibreChannelWWNN(23) restricted to the same syntax and
                               semantics as the FcNameIdOrZero TC.

        Types other than the above should not be used unless
        the corresponding format of the IpsAuthAddress object is
        further specified (e.g., in a future revision of this TC)."
    REFERENCE
        "IANA-ADDRESS-FAMILY-NUMBERS-MIB;
        INET-ADDRESS-MIB (RFC 4001);
        FC-MGMT-MIB (RFC 4044)."
    SYNTAX        OCTET STRING (SIZE(0..255))

--******************************************************************

ipsAuthDescriptors OBJECT IDENTIFIER ::= { ipsAuthObjects 1 }

ipsAuthMethodTypes OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "Registration point for Authentication Method Types."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
    ::= { ipsAuthDescriptors 1 }

ipsAuthMethodNone OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when no authentication
        method is used."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
    ::= { ipsAuthMethodTypes 1 }

ipsAuthMethodSrp OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is SRP."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
    ::= { ipsAuthMethodTypes 2 }

ipsAuthMethodChap OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is CHAP."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
    ::= { ipsAuthMethodTypes 3 }

ipsAuthMethodKerberos OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is Kerberos."
    REFERENCE "RFC 3720, iSCSI Protocol Specification."
    ::= { ipsAuthMethodTypes 4 }

--******************************************************************

ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 }

-- Instance Attributes Table

ipsAuthInstanceAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of Authorization instances present on the system."
    ::= { ipsAuthInstance 2 }

ipsAuthInstanceAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a particular Authorization instance."
    INDEX { ipsAuthInstIndex }
    ::= { ipsAuthInstanceAttributesTable 1 }

IpsAuthInstanceAttributesEntry ::= SEQUENCE {
    ipsAuthInstIndex               Unsigned32,
    ipsAuthInstDescr               SnmpAdminString,
    ipsAuthInstStorageType         StorageType
}

ipsAuthInstIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular authorization instance.  This index value
        must not be modified or reused by an agent unless
        a reboot has occurred.  An agent should attempt to
        keep this value persistent across reboots."
    ::= { ipsAuthInstanceAttributesEntry 1 }

ipsAuthInstDescr OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "A character string, determined by the implementation to
        describe the authorization instance.  When only a single
        instance is present, this object may be set to the
        zero-length string; with multiple authorization
        instances, it must be set to a unique value in an
        implementation-dependent manner to describe the purpose
        of the respective instance.  If this is deployed in a
        master agent with more than one subagent implementing
        this MIB module, the master agent is responsible for
        ensuring that this object is unique across all
        subagents."
    ::= { ipsAuthInstanceAttributesEntry 2 }

ipsAuthInstStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The storage type for all read-write objects within this
        row.  Rows in this table are always created via an
        external process, and may have a storage type of readOnly
        or permanent.  Conceptual rows having the value 'permanent'
        need not allow write access to any columnar objects in
        the row.

        If this object has the value 'volatile', modifications
        to read-write objects in this row are not persistent
        across reboots.  If this object has the value
        'nonVolatile', modifications to objects in this row
        are persistent across reboots.

        An implementation may choose to allow this object
        to be set to either 'nonVolatile' or 'volatile',
        allowing the management application to choose this
        behavior."
    ::= { ipsAuthInstanceAttributesEntry 3 }

ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 3 }

-- User Identity Attributes Table

ipsAuthIdentAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of user identities, each belonging to a
        particular ipsAuthInstance."
    ::= { ipsAuthIdentity 1 }

ipsAuthIdentAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        describing a user identity within an authorization
        instance on this node."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex }
    ::= { ipsAuthIdentAttributesTable 1 }

IpsAuthIdentAttributesEntry ::= SEQUENCE {
    ipsAuthIdentIndex              Unsigned32,
    ipsAuthIdentDescription        SnmpAdminString,
    ipsAuthIdentRowStatus          RowStatus,
    ipsAuthIdentStorageType        StorageType
}

ipsAuthIdentIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular identity instance within an authorization
        instance present on the node.  This index value
        must not be modified or reused by an agent unless
        a reboot has occurred.  An agent should attempt to
        keep this value persistent across reboots."
    ::= { ipsAuthIdentAttributesEntry 1 }

ipsAuthIdentDescription OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string describing this particular identity."
    ::= { ipsAuthIdentAttributesEntry 2 }

ipsAuthIdentRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthIdentDescription may be set while
        ipsAuthIdentRowStatus is 'active'."
    ::= { ipsAuthIdentAttributesEntry 3 }

ipsAuthIdentStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
        Rows in this table that were created through an external
        process may have a storage type of readOnly or permanent.
        Conceptual rows having the value 'permanent' need not
        allow write access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { ipsAuthIdentAttributesEntry 4 }

ipsAuthIdentityName OBJECT IDENTIFIER ::= { ipsAuthObjects 4 }

-- User Initiator Name Attributes Table

ipsAuthIdentNameAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentNameAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of unique names that can be used to positively
        identify a particular user identity."
    ::= { ipsAuthIdentityName 1 }

ipsAuthIdentNameAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentNameAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a unique identity name, which can be used
        to identify a user identity within a particular
        authorization instance."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
            ipsAuthIdentNameIndex }
    ::= { ipsAuthIdentNameAttributesTable 1 }

IpsAuthIdentNameAttributesEntry ::= SEQUENCE {
    ipsAuthIdentNameIndex          Unsigned32,
    ipsAuthIdentName               SnmpAdminString,
    ipsAuthIdentNameRowStatus      RowStatus,
    ipsAuthIdentNameStorageType    StorageType
}

ipsAuthIdentNameIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular identity name instance within an
        ipsAuthIdentity within an authorization instance.
        This index value must not be modified or reused by
        an agent unless a reboot has occurred.  An agent
        should attempt to keep this value persistent across
        reboots."
    ::= { ipsAuthIdentNameAttributesEntry 1 }

ipsAuthIdentName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string that is the unique name of an
        identity that may be used to identify this ipsAuthIdent"
    ::= { ipsAuthIdentNameAttributesEntry 2 }

ipsAuthIdentNameRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthIdentName may be set when this value is 'active'."
    ::= { ipsAuthIdentNameAttributesEntry 3 }

ipsAuthIdentNameStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
        Rows in this table that were created through an external
        process may have a storage type of readOnly or permanent.
        Conceptual rows having the value 'permanent' need not
        allow write access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { ipsAuthIdentNameAttributesEntry 4 }

ipsAuthIdentityAddress OBJECT IDENTIFIER ::= { ipsAuthObjects 5 }

-- User Initiator Address Attributes Table

ipsAuthIdentAddrAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentAddrAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of address ranges that are allowed to serve
        as the endpoint addresses of a particular identity.
        An address range includes a starting and ending address
        and an optional netmask, and an address type indicator,
        which can specify whether the address is IPv4, IPv6,
        FC-WWPN, or FC-WWNN."
    ::= { ipsAuthIdentityAddress 1 }

ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentAddrAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to an address range that is used as part
        of the authorization of an identity
        within an authorization instance on this node."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
            ipsAuthIdentAddrIndex }
    ::= { ipsAuthIdentAddrAttributesTable 1 }

IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {
    ipsAuthIdentAddrIndex          Unsigned32,
    ipsAuthIdentAddrType           AddressFamilyNumbers,
    ipsAuthIdentAddrStart          IpsAuthAddress,
    ipsAuthIdentAddrEnd            IpsAuthAddress,
    ipsAuthIdentAddrRowStatus      RowStatus,
    ipsAuthIdentAddrStorageType    StorageType
}

ipsAuthIdentAddrIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular ipsAuthIdentAddress instance within an
        ipsAuthIdentity within an authorization instance
        present on the node.
        This index value must not be modified or reused by
        an agent unless a reboot has occurred.  An agent
        should attempt to keep this value persistent across
        reboots."
    ::= { ipsAuthIdentAddrAttributesEntry 1 }

ipsAuthIdentAddrType OBJECT-TYPE
    SYNTAX        AddressFamilyNumbers
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The address types used in the ipsAuthIdentAddrStart
        and ipsAuthAddrEnd objects.  This type is taken
        from the IANA address family types."
    ::= { ipsAuthIdentAddrAttributesEntry 2 }

ipsAuthIdentAddrStart OBJECT-TYPE
    SYNTAX        IpsAuthAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The starting address of the allowed address range.
        The format of this object is determined by
        ipsAuthIdentAddrType."
    ::= { ipsAuthIdentAddrAttributesEntry 3 }

ipsAuthIdentAddrEnd OBJECT-TYPE
    SYNTAX        IpsAuthAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The ending address of the allowed address range.
        If the ipsAuthIdentAddrEntry specifies a single
        address, this shall match the ipsAuthIdentAddrStart.
        The format of this object is determined by
        ipsAuthIdentAddrType."
    ::= { ipsAuthIdentAddrAttributesEntry 4 }

ipsAuthIdentAddrRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The values of
        ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd may be set
        when this value is 'active'.  The value of
        ipsAuthIdentAddrType may not be set when this value is
        'active'."
    ::= { ipsAuthIdentAddrAttributesEntry 5 }

ipsAuthIdentAddrStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
        Rows in this table that were created through an external
        process may have a storage type of readOnly or permanent.
        Conceptual rows having the value 'permanent' need not
        allow write access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { ipsAuthIdentAddrAttributesEntry 6 }

ipsAuthCredential OBJECT IDENTIFIER ::= { ipsAuthObjects 6 }

-- Credential Attributes Table

ipsAuthCredentialAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredentialAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of credentials related to user identities
        that are allowed as valid authenticators of the
        particular identity."
    ::= { ipsAuthCredential 1 }

ipsAuthCredentialAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredentialAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that verifies a user
        identity within an authorization instance.

        To provide complete information in this MIB for a credential,
        the management station must not only create the row in this
        table but must also create a row in another table, where the
        other table is determined by the value of
        ipsAuthCredAuthMethod, e.g., if ipsAuthCredAuthMethod has the
        value ipsAuthMethodChap, a row must be created in the
        ipsAuthCredChapAttributesTable."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
    ::= { ipsAuthCredentialAttributesTable 1 }

IpsAuthCredentialAttributesEntry ::= SEQUENCE {
    ipsAuthCredIndex               Unsigned32,
    ipsAuthCredAuthMethod          AutonomousType,
    ipsAuthCredRowStatus           RowStatus,
    ipsAuthCredStorageType         StorageType
}

ipsAuthCredIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular Credential instance within an instance
        present on the node.
        This index value must not be modified or reused by
        an agent unless a reboot has occurred.  An agent
        should attempt to keep this value persistent across
        reboots."
    ::= { ipsAuthCredentialAttributesEntry 1 }

ipsAuthCredAuthMethod OBJECT-TYPE
    SYNTAX        AutonomousType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object contains an OBJECT IDENTIFIER
        that identifies the authentication method
        used with this credential.

        When a row is created in this table, a corresponding
        row must be created by the management station
        in a corresponding table specified by this value.

        When a row is deleted from this table, the corresponding
        row must be automatically deleted by the agent in
        the corresponding table specified by this value.

        If the value of this object is ipsAuthMethodNone, no
        corresponding rows are created or deleted from other
        tables.

        Some standardized values for this object are defined
        within the ipsAuthMethodTypes subtree."
    ::= { ipsAuthCredentialAttributesEntry 2 }

ipsAuthCredRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredAuthMethod must not be changed while this row
        is 'active'."
    ::= { ipsAuthCredentialAttributesEntry 3 }

ipsAuthCredStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
        Rows in this table that were created through an external
        process may have a storage type of readOnly or permanent.
        Conceptual rows having the value 'permanent' need not
        allow write access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { ipsAuthCredentialAttributesEntry 4 }

ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 7 }

-- Credential Chap-Specific Attributes Table

ipsAuthCredChapAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredChapAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of CHAP attributes for credentials that
        use ipsAuthMethodChap as their ipsAuthCredAuthMethod.

        A row in this table can only exist when an instance of
        the ipsAuthCredAuthMethod object exists (or is created
        simultaneously) having the same instance identifiers
        and a value of 'ipsAuthMethodChap'."
    ::= { ipsAuthCredChap 1 }

ipsAuthCredChapAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredChapAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that uses
        ipsAuthMethodChap as their ipsAuthCredAuthMethod.

        When a row is created in ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthCredChap, the
        management station must create a corresponding row
        in this table.

        When a row is deleted from ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthCredChap, the
        agent must delete the corresponding row (if any) in
        this table."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
    ::= { ipsAuthCredChapAttributesTable 1 }

IpsAuthCredChapAttributesEntry ::= SEQUENCE {
    ipsAuthCredChapUserName        SnmpAdminString,
    ipsAuthCredChapRowStatus       RowStatus,
    ipsAuthCredChapStorageType     StorageType
}

ipsAuthCredChapUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string containing the CHAP user name for this
        credential."
    REFERENCE
        "W. Simpson, RFC 1994: PPP Challenge Handshake
        Authentication Protocol (CHAP), August 1996"
    ::= { ipsAuthCredChapAttributesEntry 1 }

ipsAuthCredChapRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredChapUserName may be changed while this row
        is 'active'."
    ::= { ipsAuthCredChapAttributesEntry 2 }

ipsAuthCredChapStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
        Rows in this table that were created through an external
        process may have a storage type of readOnly or permanent.
        Conceptual rows having the value 'permanent' need not
        allow write access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { ipsAuthCredChapAttributesEntry 3 }

ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 8 }

-- Credential Srp-Specific Attributes Table

ipsAuthCredSrpAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredSrpAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of SRP attributes for credentials that
        use ipsAuthMethodSrp as its ipsAuthCredAuthMethod.

        A row in this table can only exist when an instance of
        the ipsAuthCredAuthMethod object exists (or is created
        simultaneously) having the same instance identifiers
        and a value of 'ipsAuthMethodSrp'."
    ::= { ipsAuthCredSrp 1 }

ipsAuthCredSrpAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredSrpAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that uses
        ipsAuthMethodSrp as their ipsAuthCredAuthMethod.

        When a row is created in ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
        management station must create a corresponding row
        in this table.

        When a row is deleted from ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
        agent must delete the corresponding row (if any) in
        this table."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
    ::= { ipsAuthCredSrpAttributesTable 1 }

IpsAuthCredSrpAttributesEntry ::= SEQUENCE {
    ipsAuthCredSrpUserName         SnmpAdminString,
    ipsAuthCredSrpRowStatus        RowStatus,
    ipsAuthCredSrpStorageType      StorageType
}

ipsAuthCredSrpUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string containing the SRP user name for this
        credential."
    REFERENCE
        "T. Wu, RFC 2945: The SRP Authentication and Key
        Exchange System, September 2000"
    ::= { ipsAuthCredSrpAttributesEntry 1 }

ipsAuthCredSrpRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredSrpUserName may be changed while the status
        of this row is 'active'."
    ::= { ipsAuthCredSrpAttributesEntry 2 }

ipsAuthCredSrpStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
        Rows in this table that were created through an external
        process may have a storage type of readOnly or permanent.
        Conceptual rows having the value 'permanent' need not
        allow write access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { ipsAuthCredSrpAttributesEntry 3 }

ipsAuthCredKerberos OBJECT IDENTIFIER ::= { ipsAuthObjects 9 }

-- Credential Kerberos-Specific Attributes Table

ipsAuthCredKerbAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredKerbAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of Kerberos attributes for credentials that
        use ipsAuthMethodKerberos as their ipsAuthCredAuthMethod.

        A row in this table can only exist when an instance of
        the ipsAuthCredAuthMethod object exists (or is created
        simultaneously) having the same instance identifiers
        and a value of 'ipsAuthMethodKerb'."
    ::= { ipsAuthCredKerberos 1 }

ipsAuthCredKerbAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredKerbAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential that uses
        ipsAuthMethodKerberos as its ipsAuthCredAuthMethod.

        When a row is created in ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
        management station must create a corresponding row
        in this table.

        When a row is deleted from ipsAuthCredentialAttributesTable
        with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
        agent must delete the corresponding row (if any) in
        this table."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
    ::= { ipsAuthCredKerbAttributesTable 1 }

IpsAuthCredKerbAttributesEntry ::= SEQUENCE {
    ipsAuthCredKerbPrincipal       SnmpAdminString,
    ipsAuthCredKerbRowStatus       RowStatus,
    ipsAuthCredKerbStorageType     StorageType
}

ipsAuthCredKerbPrincipal OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string containing a Kerberos principal
        for this credential."
    REFERENCE
        "C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
        The Kerberos Network Authentication Service (V5),
        July 2005"
    ::= { ipsAuthCredKerbAttributesEntry 1 }

ipsAuthCredKerbRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP.  When adding a row to
        this table, all non-Index/RowStatus objects must be set.
        Rows may be discarded using RowStatus.  The value of
        ipsAuthCredKerbPrincipal may be changed while this row
        is 'active'."
    ::= { ipsAuthCredKerbAttributesEntry 2 }

ipsAuthCredKerbStorageType OBJECT-TYPE
    SYNTAX        StorageType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The storage type for all read-create objects in this row.
        Rows in this table that were created through an external
        process may have a storage type of readOnly or permanent.
        Conceptual rows having the value 'permanent' need not
        allow write access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { ipsAuthCredKerbAttributesEntry 3 }

--******************************************************************

-- There are no notifications necessary in this MIB module.

--******************************************************************

-- Conformance Statements

ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 1 }
ipsAuthGroups      OBJECT IDENTIFIER ::= { ipsAuthConformance 2 }

ipsAuthInstanceAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthInstDescr,
        ipsAuthInstStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        authorization instances."
    ::= { ipsAuthGroups 1 }

ipsAuthIdentAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentDescription,
        ipsAuthIdentRowStatus,
        ipsAuthIdentStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        user identities within an authorization instance."
    ::= { ipsAuthGroups 2 }

ipsAuthIdentNameAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentName,
        ipsAuthIdentNameRowStatus,
        ipsAuthIdentNameStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        user names within user identities within an authorization
        instance."
    ::= { ipsAuthGroups 3 }

ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentAddrType,
        ipsAuthIdentAddrStart,
        ipsAuthIdentAddrEnd,
        ipsAuthIdentAddrRowStatus,
        ipsAuthIdentAddrStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        address ranges within user identities within an
        authorization instance."
    ::= { ipsAuthGroups 4 }

ipsAuthIdentCredAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredAuthMethod,
        ipsAuthCredRowStatus,
        ipsAuthCredStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        credentials within user identities within an authorization
        instance."
    ::= { ipsAuthGroups 5 }

ipsAuthIdentChapAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredChapUserName,
        ipsAuthCredChapRowStatus,
        ipsAuthCredChapStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        CHAP credentials within user identities within an
        authorization instance."
    ::= { ipsAuthGroups 6 }

ipsAuthIdentSrpAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredSrpUserName,
        ipsAuthCredSrpRowStatus,
        ipsAuthCredSrpStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        SRP credentials within user identities within an
        authorization instance."
    ::= { ipsAuthGroups 7 }

ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredKerbPrincipal,
        ipsAuthCredKerbRowStatus,
        ipsAuthCredKerbStorageType
    }
    STATUS        current
    DESCRIPTION
        "A collection of objects providing information about
        Kerberos credentials within user identities within an
        authorization instance."
    ::= { ipsAuthGroups 8 }

--******************************************************************

ipsAuthComplianceV1 MODULE-COMPLIANCE
    STATUS        current
    DESCRIPTION
        "Initial version of compliance statement based on
        initial version of this MIB module.

        The Instance and Identity groups are mandatory;
        at least one of the other groups (Name, Address,
        Credential, Certificate) is also mandatory for
        any given implementation."
    MODULE -- this module
    MANDATORY-GROUPS {
        ipsAuthInstanceAttributesGroup,
        ipsAuthIdentAttributesGroup
    }

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when necessary.

    GROUP ipsAuthIdentNameAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that make use of unique identity names."

    GROUP ipsAuthIdentAddrAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use addresses to help verify identities."

    GROUP ipsAuthIdentCredAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use credentials to help verify identities."

    GROUP ipsAuthIdentChapAttrGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use CHAP to help verify identities.

        The ipsAuthIdentCredAttributesGroup must be
        implemented if this group is implemented."

    GROUP ipsAuthIdentSrpAttrGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use SRP to help verify identities.

        The ipsAuthIdentCredAttributesGroup must be
        implemented if this group is implemented."

    GROUP ipsAuthIdentKerberosAttrGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use Kerberos to help verify identities.

        The ipsAuthIdentCredAttributesGroup must be
        implemented if this group is implemented."

    OBJECT ipsAuthInstDescr
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthInstStorageType
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentDescription
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthIdentName
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentNameRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthIdentAddrType
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentAddrStart
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentAddrEnd
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthIdentAddrRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredAuthMethod
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredChapUserName
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredChapRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredSrpUserName
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredSrpRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the
        six enumerated values for the RowStatus textual
        convention need be supported, specifically:
        active(1)."

    OBJECT ipsAuthCredKerbPrincipal
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT ipsAuthCredKerbRowStatus
    SYNTAX INTEGER { active(1) } -- subset of RowStatus
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required, and only one of the six
        enumerated values for the RowStatus textual convention need
        be supported, specifically: active(1)."

    ::= { ipsAuthCompliances 1 }

END