Version 1, including all changes. Rev 1, author: perry.
SNMPUSM
!!!SNMPUSM
NAME
SYNOPSIS
DESCRIPTION
EXAMPLES
SEE ALSO
----
!!NAME

snmpusm - creates and maintains SNMPv3 users on a remote entity.
!!SYNOPSIS

snmpusm [[ common arguments ] create username [[cloneFromUser]
snmpusm [[ common arguments ] delete username
snmpusm [[ common arguments ] cloneFrom username cloneFromUser
snmpusm [[ common arguments ] passwd [[-Co] [[-Ca] [[-Cx] old_passphrase new_passphrase
!!DESCRIPTION

Snmpusm is an SNMP application that can be used to do simple
maintenance on an SNMP agent's User based Security Module
(USM) table. You can create, delete, clone, and change the
password of users configured on a running SNMP
agent.

The SNMPv3 USM specifications (see RFC2574) dictate that
users are created and maintained by adding and modifying
rows in the usmUser MIB table. To create a new user you
simply create the row using an snmpset. User profiles
contain private keys that are never transmitted over the
wire in clear text (regardless of whether the administration
requests are encrypted or not).

The secret key for a user is initially set by cloning
another user in the table, so that a new user inherits the
cloned user's secret key. A user can only be cloned once,
however, after which they must be deleted and re-created to
be re-cloned. The authentication and privacy security types
are also inherited during this cloning (e.g., MD5 vs SHA1).
To change the secret key for a user, you must know the
user's old passphrase as well as the new one. The passwd
sub-command of the snmpusm command, therefore, requires both
the new and the old password to be supplied. After cloning
from the appropriate template, you should immediately change
the new user's password.
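
Added example (not part of the original manual page or of the ucd-snmp code): the RFC 2574 password-to-key, key localization and KeyChange steps for an MD5 user, showing why the passwd sub-command needs the old passphrase and why the new key never crosses the wire in clear text. The engine ID, the new passphrase and all function names are assumptions made for illustration; only setup_password comes from this page.

```python
import hashlib
import os

def password_to_key(passphrase: bytes, alg: str = "md5") -> bytes:
    """RFC 2574 A.2: digest of 1 MiB of the repeated passphrase gives user key Ku."""
    if len(passphrase) < 8:
        raise ValueError("USM passphrases must be at least 8 characters")
    reps, rem = divmod(1048576, len(passphrase))
    return hashlib.new(alg, passphrase * reps + passphrase[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, alg: str = "md5") -> bytes:
    """Localized key Kul = H(Ku || snmpEngineID || Ku); this is what the agent stores."""
    return hashlib.new(alg, ku + engine_id + ku).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_change_value(old_kul: bytes, new_kul: bytes, alg: str = "md5",
                     rand: bytes = None) -> bytes:
    """Manager side: the value written to the KeyChange column, random || delta."""
    rand = os.urandom(len(old_kul)) if rand is None else rand
    temp = hashlib.new(alg, old_kul + rand).digest()
    return rand + _xor(temp, new_kul)

def apply_key_change(old_kul: bytes, value: bytes, alg: str = "md5") -> bytes:
    """Agent side: recover the new key using the old key it already holds."""
    n = len(old_kul)
    temp = hashlib.new(alg, old_kul + value[:n]).digest()
    return _xor(temp, value[n:])

def demo() -> dict:
    engine_id = bytes.fromhex("000000000000000000000002")  # constructed engine ID
    old = localize_key(password_to_key(b"setup_password"), engine_id)
    new = localize_key(password_to_key(b"new_passphrase"), engine_id)  # constructed
    wire = key_change_value(old, new)  # the only key material sent in the SET
    wrong = localize_key(password_to_key(b"wrong_guess"), engine_id)  # constructed
    return {
        "agent_recovers_new_key": apply_key_change(old, wire) == new,
        "new_key_visible_on_wire": new in wire,
        "wrong_old_key_recovers_it": apply_key_change(wrong, wire) == new,
    }

if __name__ == "__main__":
    print(demo())
```
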

The ucd-snmp agent must first be initialized so that at
least one user is set up in it before you can use this
command to clone new ones. See the ''snmpd.conf(5)''
manual page on the __createUser__ configuration
parameter.
!!EXAMPLES

Let's assume for our examples that the following VACM and USM
configuration lines were in the snmpd.conf file for a
ucd-snmp agent, which sets up a default user called

# VACM configuration entries
rwuser initial
# let's add the new user we'll create too:
rwuser wes
# USM configuration entries
createUser initial MD5 setup_password DES

Note: that the

Note: passwords (passphrases really) must be 8 characters
minimum in length.

snmpusm -v 3 -u initial -n

Creates a new user, here named

snmpusm -v 3 -u wes -n

After creating the user

snmpget -v 3 -u wes -n

If the above commands were successful, this command should
have properly performed an authenticated SNMPv3 GET request
to the agent.

Now, go remove the vacm
!!SEE ALSO

snmpd.conf(5), snmp.conf(5)
----