Connected: An Internet Encyclopedia
RFC 1447
2.2.1. Initial Party and Context Identifiers
-- Definition of Initial Party and Context Identifiers

-- When devices are installed, they need to be configured
-- with an initial set of SNMPv2 parties and contexts. The
-- configuration of SNMPv2 parties and contexts requires (among
-- other things) the assignment of several OBJECT IDENTIFIERs.
-- Any local network administration can obtain the delegated
-- authority necessary to assign its own OBJECT IDENTIFIERs.
-- However, to provide for those administrations who have not
-- obtained the necessary authority, this document allocates a
-- branch of the naming tree for use with the following
-- conventions.

initialPartyId OBJECT IDENTIFIER ::= { partyAdmin 3 }

initialContextId OBJECT IDENTIFIER ::= { partyAdmin 4 }

-- Note these are identified as "initial" party and context
-- identifiers since these allow secure SNMPv2 communication
-- to proceed, thereby allowing further SNMPv2 parties to be
-- configured through use of the SNMPv2 itself.

-- The following definitions identify a party identifier, and
-- specify the initial values of various object instances
-- indexed by that identifier. In addition, the SNMPv2
-- context, access control policy, and MIB view information
-- assigned, by convention, are identified.

-- Party Identifiers for use as initial SNMPv2 parties
-- at IP address a.b.c.d

-- Note that for all OBJECT IDENTIFIERs assigned under
-- initialPartyId, the four sub-identifiers immediately
-- following initialPartyId represent the four octets of
-- an IP address. Initial party identifiers for other address
-- families are assigned under a different OBJECT IDENTIFIER,
-- as defined elsewhere.

-- Devices which support SNMPv2 as entities acting in an
-- agent role, and accessed via the snmpUDPDomain transport
-- domain, are required to be configured with the appropriate
-- set of the following as implicit assignments as and when
-- they are configured with an IP address. The appropriate
-- set is all those applicable to the authentication and
-- privacy protocols supported by the device.

-- a noAuth/noPriv party which executes at the agent
--     partyIdentity     = { initialPartyId a b c d 1 }
--     partyIndex        = 1
--     partyTDomain      = snmpUDPDomain
--     partyTAddress     = a.b.c.d, 161
--     partyLocal        = true (in agent's database)
--     partyAuthProtocol = noAuth
--     partyAuthClock    = 0
--     partyAuthPrivate  = ''H (the empty string)
--     partyAuthPublic   = ''H (the empty string)
--     partyAuthLifetime = 0
--     partyPrivProtocol = noPriv
--     partyPrivPrivate  = ''H (the empty string)
--     partyPrivPublic   = ''H (the empty string)

-- a noAuth/noPriv party which executes at a manager
--     partyIdentity     = { initialPartyId a b c d 2 }
--     partyIndex        = 2
--     partyTDomain      = snmpUDPDomain
--     partyTAddress     = assigned by local administration
--     partyLocal        = false (in agent's database)
--     partyAuthProtocol = noAuth
--     partyAuthClock    = 0
--     partyAuthPrivate  = ''H (the empty string)
--     partyAuthPublic   = ''H (the empty string)
--     partyAuthLifetime = 0
--     partyPrivProtocol = noPriv
--     partyPrivPrivate  = ''H (the empty string)
--     partyPrivPublic   = ''H (the empty string)

-- a md5Auth/noPriv party which executes at the agent
--     partyIdentity     = { initialPartyId a b c d 3 }
--     partyIndex        = 3
--     partyTDomain      = snmpUDPDomain
--     partyTAddress     = a.b.c.d, 161
--     partyLocal        = true (in agent's database)
--     partyAuthProtocol = v2md5AuthProtocol
--     partyAuthClock    = 0
--     partyAuthPrivate  = assigned by local administration
--     partyAuthPublic   = ''H (the empty string)
--     partyAuthLifetime = 300
--     partyPrivProtocol = noPriv
--     partyPrivPrivate  = ''H (the empty string)
--     partyPrivPublic   = ''H (the empty string)

-- a md5Auth/noPriv party which executes at a manager
--     partyIdentity     = { initialPartyId a b c d 4 }
--     partyIndex        = 4
--     partyTDomain      = snmpUDPDomain
--     partyTAddress     = assigned by local administration
--     partyLocal        = false (in agent's database)
--     partyAuthProtocol = v2md5AuthProtocol
--     partyAuthClock    = 0
--     partyAuthPrivate  = assigned by local administration
--     partyAuthPublic   = ''H (the empty string)
--     partyAuthLifetime = 300
--     partyPrivProtocol = noPriv
--     partyPrivPrivate  = ''H (the empty string)
--     partyPrivPublic   = ''H (the empty string)

-- a md5Auth/desPriv party which executes at the agent
--     partyIdentity     = { initialPartyId a b c d 5 }
--     partyIndex        = 5
--     partyTDomain      = snmpUDPDomain
--     partyTAddress     = a.b.c.d, 161
--     partyLocal        = true (in agent's database)
--     partyAuthProtocol = v2md5AuthProtocol
--     partyAuthClock    = 0
--     partyAuthPrivate  = assigned by local administration
--     partyAuthPublic   = ''H (the empty string)
--     partyAuthLifetime = 300
--     partyPrivProtocol = desPrivProtocol
--     partyPrivPrivate  = assigned by local administration
--     partyPrivPublic   = ''H (the empty string)

-- a md5Auth/desPriv party which executes at a manager
--     partyIdentity     = { initialPartyId a b c d 6 }
--     partyIndex        = 6
--     partyTDomain      = snmpUDPDomain
--     partyTAddress     = assigned by local administration
--     partyLocal        = false (in agent's database)
--     partyAuthProtocol = v2md5AuthProtocol
--     partyAuthClock    = 0
--     partyAuthPrivate  = assigned by local administration
--     partyAuthPublic   = ''H (the empty string)
--     partyAuthLifetime = 300
--     partyPrivProtocol = desPrivProtocol
--     partyPrivPrivate  = assigned by local administration
--     partyPrivPublic   = ''H (the empty string)

-- the initial SNMPv2 contexts assigned, by convention, are:

--     contextIdentity      = { initialContextId a b c d 1 }
--     contextIndex         = 1
--     contextLocal         = true (in agent's database)
--     contextViewIndex     = 1
--     contextLocalEntity   = ''H (the empty string)
--     contextLocalTime     = currentTime
--     contextProxyDstParty = { 0 0 }
--     contextProxySrcParty = { 0 0 }
--     contextProxyContext  = { 0 0 }

--     contextIdentity      = { initialContextId a b c d 2 }
--     contextIndex         = 2
--     contextLocal         = true (in agent's database)
--     contextViewIndex     = 2
--     contextLocalEntity   = ''H (the empty string)
--     contextLocalTime     = currentTime
--     contextProxyDstParty = { 0 0 }
--     contextProxySrcParty = { 0 0 }
--     contextProxyContext  = { 0 0 }

-- The initial access control policy assigned, by
-- convention, is:

--     aclTarget     = 1
--     aclSubject    = 2
--     aclResources  = 1
--     aclPrivileges = 35 (Get, Get-Next & Get-Bulk)

--     aclTarget     = 2
--     aclSubject    = 1
--     aclResources  = 1
--     aclPrivileges = 132 (Response & SNMPv2-Trap)

--     aclTarget     = 3
--     aclSubject    = 4
--     aclResources  = 2
--     aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk)

--     aclTarget     = 4
--     aclSubject    = 3
--     aclResources  = 2
--     aclPrivileges = 4 (Response)

--     aclTarget     = 5
--     aclSubject    = 6
--     aclResources  = 2
--     aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk)

--     aclTarget     = 6
--     aclSubject    = 5
--     aclResources  = 2
--     aclPrivileges = 4 (Response)

-- Note that the initial context and access control
-- information assigned above, by default, to the
-- md5Auth/desPriv parties are identical to those assigned to
-- the md5Auth/noPriv parties. However, each administration
-- may choose to have different authorization policies,
-- depending on whether privacy is used.

-- The initial MIB views assigned, by convention, are:

--     viewIndex   = 1
--     viewSubtree = system
--     viewMask    = ''H
--     viewType    = included

--     viewIndex   = 1
--     viewSubtree = snmpStats
--     viewMask    = ''H
--     viewType    = included

--     viewIndex   = 1
--     viewSubtree = snmpParties
--     viewMask    = ''H
--     viewType    = included

--     viewIndex   = 2
--     viewSubtree = internet
--     viewMask    = ''H
--     viewType    = included

-- Note that full access to the partyTable, contextTable,
-- aclTable, and viewTable gives a manager the ability to
-- configure any parties with any/all capabilities (the
-- equivalent of "root" access). A lesser manager can be
-- given access only to the partyTable so that it can
-- maintain its own parties, but not increase/decrease
-- their capabilities. Such a lesser manager can also
-- create new parties but they are of no use to it.
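
The initial policy above can be resolved mechanically by following each acl row through its context to its MIB view. The Python below is an added example, not part of RFC 1447: it joins the acl, context and view rows listed on this page and decodes each aclPrivileges sum using the bit values from the RFC's aclPrivileges definition (1 Get, 2 GetNext, 4 Response, 8 Set, 32 GetBulk, 64 Inform, 128 SNMPv2-Trap); the function names and the two review rules are assumptions made for illustration.

```python
# Added example: join RFC 1447's initial acl, context and view rows (values from this page).
# Bit values are those of the aclPrivileges object in RFC 1447; 16 is unused.
PRIV_BITS = {1: "Get", 2: "GetNext", 4: "Response", 8: "Set",
             32: "GetBulk", 64: "Inform", 128: "SNMPv2-Trap"}

# partyIndex -> (where it executes, partyAuthProtocol, partyPrivProtocol)
PARTIES = {
    1: ("agent", "noAuth", "noPriv"),
    2: ("manager", "noAuth", "noPriv"),
    3: ("agent", "v2md5AuthProtocol", "noPriv"),
    4: ("manager", "v2md5AuthProtocol", "noPriv"),
    5: ("agent", "v2md5AuthProtocol", "desPrivProtocol"),
    6: ("manager", "v2md5AuthProtocol", "desPrivProtocol"),
}
CONTEXT_VIEW = {1: 1, 2: 2}  # contextIndex -> contextViewIndex
VIEWS = {1: ["system", "snmpStats", "snmpParties"], 2: ["internet"]}
# (aclTarget, aclSubject, aclResources, aclPrivileges)
ACL = [(1, 2, 1, 35), (2, 1, 1, 132), (3, 4, 2, 43),
       (4, 3, 2, 4), (5, 6, 2, 43), (6, 5, 2, 4)]

def decode_privileges(mask):
    """Return the PDU names whose bits are set in an aclPrivileges value."""
    return [name for bit, name in sorted(PRIV_BITS.items()) if mask & bit]

def effective_access(acl=ACL):
    """Resolve each acl row to (subject, target, operations, view subtrees)."""
    rows = []
    for target, subject, resources, mask in acl:
        subtrees = VIEWS[CONTEXT_VIEW[resources]]
        rows.append((subject, target, decode_privileges(mask), subtrees))
    return rows

def review(acl=ACL):
    """Flag manager-side subjects a reviewer would look at first (illustrative rules)."""
    notes = []
    for subject, target, ops, subtrees in effective_access(acl):
        role, auth, _ = PARTIES[subject]
        if role != "manager":
            continue
        if auth == "noAuth":
            notes.append((subject, "unauthenticated " + "/".join(ops)))
        if "Set" in ops and "internet" in subtrees:
            notes.append((subject, "Set over internet, which contains the party tables"))
    return notes

if __name__ == "__main__":
    print(*effective_access(), *review(), sep="\n")
```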