Connected: An Internet Encyclopedia
2.4. The SNMPv2 Party Database Group
RFC 1447
-- the SNMPv2 party database group
snmpParties OBJECT IDENTIFIER ::= { partyMIBObjects 1 }
partyTable OBJECT-TYPE
SYNTAX SEQUENCE OF PartyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The SNMPv2 Party database."
::= { snmpParties 1 }
partyEntry OBJECT-TYPE
SYNTAX PartyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Locally held information about a particular
SNMPv2 party."
INDEX { IMPLIED partyIdentity }
::= { partyTable 1 }
PartyEntry ::=
SEQUENCE {
partyIdentity Party,
partyIndex INTEGER,
partyTDomain OBJECT IDENTIFIER,
partyTAddress TAddress,
partyMaxMessageSize INTEGER,
partyLocal TruthValue,
partyAuthProtocol OBJECT IDENTIFIER,
partyAuthClock Clock,
partyAuthPrivate OCTET STRING,
partyAuthPublic OCTET STRING,
partyAuthLifetime INTEGER,
partyPrivProtocol OBJECT IDENTIFIER,
partyPrivPrivate OCTET STRING,
partyPrivPublic OCTET STRING,
partyCloneFrom Party,
partyStorageType StorageType,
partyStatus RowStatus
}
partyIdentity OBJECT-TYPE
SYNTAX Party
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A party identifier uniquely identifying a
particular SNMPv2 party."
::= { partyEntry 1 }
partyIndex OBJECT-TYPE
SYNTAX INTEGER (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value for each SNMPv2 party. The value
for each SNMPv2 party must remain constant at
least from one re-initialization of the entity's
network management system to the next re-
initialization."
::= { partyEntry 2 }
partyTDomain OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the kind of transport service by which
the party receives network management traffic."
DEFVAL { snmpUDPDomain }
::= { partyEntry 3 }
partyTAddress OBJECT-TYPE
SYNTAX TAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The transport service address by which the party
receives network management traffic, formatted
according to the corresponding value of
partyTDomain. For snmpUDPDomain, partyTAddress is
formatted as a 4-octet IP Address concatenated
with a 2-octet UDP port number."
DEFVAL { '000000000000'H }
::= { partyEntry 4 }
partyMaxMessageSize OBJECT-TYPE
SYNTAX INTEGER (484..65507)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The maximum length in octets of a SNMPv2 message
which this party will accept. For parties which
execute at an agent, the agent initializes this
object to the maximum length supported by the
agent, and does not let the object be set to any
larger value. For parties which do not execute at
the agent, the agent must allow the manager to set
this object to any legal value, even if it is
larger than the agent can generate."
DEFVAL { 484 }
::= { partyEntry 5 }
partyLocal OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An indication of whether this party executes at
this SNMPv2 entity. If this object has a value of
true(1), then the SNMPv2 entity will listen for
SNMPv2 messages on the partyTAddress associated
with this party. If this object has the value
false(2), then the SNMPv2 entity will not listen
for SNMPv2 messages on the partyTAddress
associated with this party."
DEFVAL { false }
::= { partyEntry 6 }
partyAuthProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The authentication protocol by which all messages
generated by the party are authenticated as to
origin and integrity. The value noAuth signifies
that messages generated by the party are not
authenticated.

Once an instance of this object is created, its
value can not be changed."
DEFVAL { v2md5AuthProtocol }
::= { partyEntry 7 }
partyAuthClock OBJECT-TYPE
SYNTAX Clock
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The authentication clock which represents the
local notion of the current time specific to the
party. This value must not be decremented unless
the party's private authentication key is changed
simultaneously."
DEFVAL { 0 }
::= { partyEntry 8 }
partyAuthPrivate OBJECT-TYPE
SYNTAX OCTET STRING
-- for v2md5AuthProtocol: (SIZE (16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An encoding of the party's private authentication
key which may be needed to support the
authentication protocol. Although the value of
this variable may be altered by a management
operation (e.g., a SNMPv2 Set-Request), its value
can never be retrieved by a management operation:
when read, the value of this variable is the zero
length OCTET STRING.

The private authentication key is NOT directly
represented by the value of this variable, but
rather it is represented according to an encoding.
This encoding is the bitwise exclusive-OR of the
old key with the new key, i.e., of the old private
authentication key (prior to the alteration) with
the new private authentication key (after the
alteration). Thus, when processing a received
protocol Set operation, the new private
authentication key is obtained from the value of
this variable as the result of a bitwise
exclusive-OR of the variable's value and the old
private authentication key. In calculating the
exclusive-OR, if the old key is shorter than the
new key, zero-valued padding is appended to the
old key. If no value for the old key exists, a
zero-length OCTET STRING is used in the
calculation."
DEFVAL { ''H } -- the empty string
::= { partyEntry 9 }
partyAuthPublic OBJECT-TYPE
SYNTAX OCTET STRING
-- for v2md5AuthProtocol: (SIZE (0..16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A publically-readable value for the party.
Depending on the party's authentication protocol,
this value may be needed to support the party's
authentication protocol. Alternatively, it may be
used by a manager during the procedure for
altering secret information about a party. (For
example, by altering the value of an instance of
this object in the same SNMPv2 Set-Request used to
update an instance of partyAuthPrivate, a
subsequent Get-Request can determine if the Set-
Request was successful in the event that no
response to the Set-Request is received, see [4].)

The length of the value is dependent on the
party's authentication protocol. If not used by
the authentication protocol, it is recommended
that agents support values of any length up to and
including the length of the corresponding
partyAuthPrivate object."
DEFVAL { ''H } -- the empty string
::= { partyEntry 10 }
partyAuthLifetime OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The lifetime (in units of seconds) which
represents an administrative upper bound on
acceptable delivery delay for protocol messages
generated by the party.

Once an instance of this object is created, its
value can not be changed."
DEFVAL { 300 }
::= { partyEntry 11 }
partyPrivProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The privacy protocol by which all protocol
messages received by the party are protected from
disclosure. The value noPriv signifies that
messages received by the party are not protected.

Once an instance of this object is created, its
value can not be changed."
DEFVAL { noPriv }
::= { partyEntry 12 }
partyPrivPrivate OBJECT-TYPE
SYNTAX OCTET STRING
-- for desPrivProtocol: (SIZE (16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An encoding of the party's private encryption key
which may be needed to support the privacy
protocol. Although the value of this variable may
be altered by a management operation (e.g., a
SNMPv2 Set-Request), its value can never be
retrieved by a management operation: when read,
the value of this variable is the zero length
OCTET STRING.

The private encryption key is NOT directly
represented by the value of this variable, but
rather it is represented according to an encoding.
This encoding is the bitwise exclusive-OR of the
old key with the new key, i.e., of the old private
encryption key (prior to the alteration) with the
new private encryption key (after the alteration).
Thus, when processing a received protocol Set
operation, the new private encryption key is
obtained from the value of this variable as the
result of a bitwise exclusive-OR of the variable's
value and the old private encryption key. In
calculating the exclusive-OR, if the old key is
shorter than the new key, zero-valued padding is
appended to the old key. If no value for the old
key exists, a zero-length OCTET STRING is used in
the calculation."
DEFVAL { ''H } -- the empty string
::= { partyEntry 13 }
partyPrivPublic OBJECT-TYPE
SYNTAX OCTET STRING
-- for desPrivProtocol: (SIZE (0..16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A publically-readable value for the party.
Depending on the party's privacy protocol, this
value may be needed to support the party's privacy
protocol. Alternatively, it may be used by a
manager as a part of its procedure for altering
secret information about a party. (For example,
by altering the value of an instance of this
object in the same SNMPv2 Set-Request used to
update an instance of partyPrivPrivate, a
subsequent Get-Request can determine if the Set-
Request was successful in the event that no
response to the Set-Request is received, see [4].)

The length of the value is dependent on the
party's privacy protocol. If not used by the
privacy protocol, it is recommended that agents
support values of any length up to and including
the length of the corresponding partyPrivPrivate
object."
DEFVAL { ''H } -- the empty string
::= { partyEntry 14 }
partyCloneFrom OBJECT-TYPE
SYNTAX Party
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identity of a party to clone authentication
and privacy parameters from. When read, the value
{ 0 0 } is returned.

This value must be written exactly once, when the
associated instance of partyStatus either does not
exist or has the value `notReady'. When written,
the value identifies a party, the cloning party,
whose status column has the value `active'. The
cloning party is used in two ways.

One, if instances of the following objects do not
exist for the party being created, then they are
created with values identical to those of the
corresponding objects for the cloning party:

    partyAuthProtocol
    partyAuthPublic
    partyAuthLifetime
    partyPrivProtocol
    partyPrivPublic

Two, instances of the following objects are
updated using the corresponding values of the
cloning party:

    partyAuthPrivate
    partyPrivPrivate

(e.g., the value of the cloning party's instance
of the partyAuthPrivate object is XOR'd with the
value of the partyAuthPrivate instances of the
party being created.)"
::= { partyEntry 15 }
partyStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row in the
partyTable."
DEFVAL { nonVolatile }
::= { partyEntry 16 }
partyStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row in the
partyTable.

A party is not qualified for activation until
instances of all columns of its partyEntry row
have an appropriate value. In particular:

    A value must be written to the Party's
    partyCloneFrom object.

    If the Party's partyAuthProtocol object has the
    value md5AuthProtocol, then the corresponding
    instance of partyAuthPrivate must contain a
    secret of the appropriate length. Further, at
    least one management protocol set operation
    updating the value of the party's
    partyAuthPrivate object must be successfully
    processed, before the partyAuthPrivate column is
    considered appropriately configured.

    If the Party's partyPrivProtocol object has the
    value desPrivProtocol, then the corresponding
    instance of partyPrivPrivate must contain a
    secret of the appropriate length. Further, at
    least one management protocol set operation
    updating the value of the party's
    partyPrivPrivate object must be successfully
    processed, before the partyPrivPrivate column is
    considered appropriately configured.

Until instances of all corresponding columns are
appropriately configured, the value of the
corresponding instance of the partyStatus column is
`notReady'."
::= { partyEntry 17 }
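
The key-update rules in the partyAuthPrivate, partyPrivPrivate, partyCloneFrom and partyStatus descriptions above, modelled as an added example (not code from RFC 1447 or from any SNMP implementation). `PartyRow`, `xor_with_old`, `provision` and the sample keys are hypothetical names and constructed values; only the authentication columns are modelled, and zero-padding a written value that is shorter than the old key is an assumption the text does not address.

```python
# Added example, not RFC 1447 code: agent-side handling of the XOR key encoding.
KEY_LEN = 16  # SIZE (16) noted on the page for v2md5AuthProtocol

def xor_with_old(old: bytes, value: bytes) -> bytes:
    """XOR a written value with the old key, zero-padding a shorter old key."""
    n = max(len(old), len(value))
    # Padding the value when it is the shorter operand is an assumption.
    return bytes(a ^ b for a, b in zip(old.ljust(n, b"\0"), value.ljust(n, b"\0")))

class PartyRow:
    """Hypothetical in-memory row holding only the authentication columns."""
    def __init__(self, key: bytes = b""):
        self._auth_key = key          # no old key yet: zero-length string
        self.auth_public = b""
        self.clone_written = False
        self.key_set_processed = False

    def read_auth_private(self) -> bytes:
        return b""                    # reads always yield the empty string

    def write_clone_from(self, cloning_party: "PartyRow") -> None:
        if self.clone_written:
            raise ValueError("partyCloneFrom must be written exactly once")
        # Cloning party's key is XOR'd with whatever this row already holds.
        self._auth_key = xor_with_old(self._auth_key, cloning_party._auth_key)
        self.clone_written = True

    def write_auth_private(self, value: bytes, public: bytes = b"") -> None:
        self._auth_key = xor_with_old(self._auth_key, value)
        self.auth_public = public     # same Set-Request, lets a Get confirm it
        self.key_set_processed = True

    def qualified_for_activation(self) -> bool:
        return (self.clone_written and self.key_set_processed
                and len(self._auth_key) == KEY_LEN)

def provision(clone_key: bytes, new_key: bytes, marker: bytes) -> PartyRow:
    """Manager creates a row from an active party, then moves it to new_key."""
    row = PartyRow()
    row.write_clone_from(PartyRow(clone_key))
    delta = xor_with_old(clone_key, new_key)   # value carried in the Set-Request
    row.write_auth_private(delta, public=marker)
    return row

# Constructed sample keys (not real secrets).
CLONE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
NEW_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
ROW = provision(CLONE_KEY, NEW_KEY, marker=b"\x01")
```

Because the written value is the old key XOR the new key, anyone who holds the old key and observes the Set-Request value can compute the new key; the encoding conceals the key only from observers who lack the old one.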