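-- extracted from draft-ietf-ips-auth-mib-00.txt
-- at Fri May 14 06:20:53 2004
--
-- IPS-AUTH-MIB: SMIv2 module describing, per authentication instance,
-- the user identities that may be authorized and the names, address
-- ranges, certificates and credentials (CHAP, SRP, SPKM, Kerberos)
-- tied to each identity.
--
-- Review notes (reviewer additions, not part of the draft text):
--   * Line structure was restored. In the collapsed form every
--     end-of-line comment swallowed the definitions that followed it.
--   * The SPKM certificate references now admit zero, which their
--     DESCRIPTION clauses document as the "not used" value.
--   * DESCRIPTION clauses that named objects not defined in this
--     module (ipsAuthMethodKerberos, ipsAuthMethodSpkm, ipsAuthMethods,
--     ipsAuthCertificateEntry, ipsAuthIdentAddrEntry) now name the
--     objects that are defined here.
--   * Almost every columnar object is read-create. Write access to
--     these tables decides who can authenticate and from where, so an
--     agent implementing this module should expose them only through
--     SNMPv3 with authentication and privacy, with VACM views limiting
--     both read and write access. Notes on individual objects below
--     point out where secret or password-equivalent material is
--     involved.

IPS-AUTH-MIB DEFINITIONS ::= BEGIN

-- 2/21-2002 Initial version
-- still some work to do (editor search for "Work")

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE,
    Unsigned32, experimental
        FROM SNMPv2-SMI

    TEXTUAL-CONVENTION, RowStatus, AutonomousType
        FROM SNMPv2-TC

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF

    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB -- RFC 2571

    -- These are from draft-ietf-ops-rfc2851-update-06.txt
    -- You will have to work out the details with your own
    -- compiler because they are so new.
    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB
    ;

ipsAuthModule MODULE-IDENTITY
    LAST-UPDATED  "200202210000Z"
    ORGANIZATION  "IETF IPS Working Group"
    CONTACT-INFO
        "
        Mark Bakke
        Postal: Cisco Systems, Inc
        6450 Wedgwood Road, Suite 130
        Maple Grove, MN
        USA 55311

        Tel:    +1 763-398-1000
        Fax:    +1 763-398-1001

        E-mail: mbakke@cisco.com"

    DESCRIPTION
        "The IP Storage Authorization MIB module."

    REVISION "200202210000Z" -- February 21, 2002
    DESCRIPTION
        "Initial revision published as RFC xxxx."

--::= { mib-2 xx } -- to be assigned by IANA.
-- Placeholder registration so the draft compiles; it is not an
-- assigned OID.
::= { experimental 99999 } -- in case you want to COMPILE

ipsAuthObjects       OBJECT IDENTIFIER ::= { ipsAuthModule 1 }
ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthModule 2 }
ipsAuthConformance   OBJECT IDENTIFIER ::= { ipsAuthModule 3 }

-- Textual Conventions

------------------------------------------------------------------------

ipsAuthDescriptors OBJECT IDENTIFIER ::= { ipsAuthObjects 1 }

-- Authentication method identifiers. These are the values that
-- ipsAuthCredAuthMethod is expected to carry.
ipsAuthMethodTypes OBJECT IDENTIFIER ::= { ipsAuthDescriptors 1 }

-- NOTE(review): a credential row whose method is ipsAuthMethodNone
-- presumably lets the identity through without any proof of identity;
-- the draft does not say how such a row is evaluated. Confirm.
ipsAuthMethodNone OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when no authentication
        method is used."
    REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 1 }

ipsAuthMethodSrp OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is SRP."
    REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 2 }

ipsAuthMethodChap OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is CHAP."
    REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 3 }

ipsAuthMethodKrb5 OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is KRB-5."
    REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 4 }

ipsAuthMethodSpkm1 OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is SPKM-1."
    REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 5 }

ipsAuthMethodSpkm2 OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION
        "The authoritative identifier when the authentication
        method is SPKM-2."
    REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 6 }

----------------------------------------------------------------------

ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 }

-- Instance Attributes Table
-- Top-level table. Every other table in this module is indexed by
-- ipsAuthInstIndex first.

ipsAuthInstanceAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of iSCSI instances present on the system."
::= { ipsAuthInstance 2 }

ipsAuthInstanceAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a particular iSCSI instance."
    INDEX { ipsAuthInstIndex }
::= { ipsAuthInstanceAttributesTable 1 }

IpsAuthInstanceAttributesEntry ::= SEQUENCE {
    ipsAuthInstIndex               Unsigned32,
    ipsAuthInstDescr               SnmpAdminString
}

ipsAuthInstIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular authentication instance."
::= { ipsAuthInstanceAttributesEntry 1 }

-- This table has no RowStatus column, so instances cannot be created
-- or deleted through this module; only the description is writable.
ipsAuthInstDescr OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "An octet string, determined by the implementation to
        describe the authentication instance.  When only a single
        instance is present, this object may be set to the
        zero-length string; with multiple authentication
        instances, it may be used in an implementation-dependent
        manner to describe the purpose of the respective instance."
::= { ipsAuthInstanceAttributesEntry 2 }

ipsAuthCertificate OBJECT IDENTIFIER ::= { ipsAuthObjects 3 }

-- Authorized Certificate Attributes Table
-- Rows here are referenced by index from the SPKM credential table.
-- Whoever may create or modify a row chooses which certificate is
-- accepted for an identity, so write access is as sensitive as write
-- access to the credentials themselves.

ipsAuthCertAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCertAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of certificates that may be used to authenticate
        user identities."
::= { ipsAuthCertificate 1 }

ipsAuthCertAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCertAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a certificate which may be used to
        authenticate a user identity within an authentication
        instance."
    INDEX { ipsAuthInstIndex, ipsAuthCertIndex }
::= { ipsAuthCertAttributesTable 1 }

IpsAuthCertAttributesEntry ::= SEQUENCE {
    ipsAuthCertIndex               Unsigned32,
    ipsAuthCertDescription         SnmpAdminString,
    ipsAuthCertIdentity            OCTET STRING,
    ipsAuthCert                    OCTET STRING,
    ipsAuthCertRowStatus           RowStatus
}

ipsAuthCertIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular certificate instance within an authentication
        instance present on the node."
::= { ipsAuthCertAttributesEntry 1 }

ipsAuthCertDescription OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string describing this certificate."
::= { ipsAuthCertAttributesEntry 2 }

-- NOTE(review): "XXX" is the draft's own placeholder; which
-- certificate attribute is meant is not stated anywhere in this
-- module. Until it is, the MUST below cannot be checked by an agent.
ipsAuthCertIdentity OBJECT-TYPE
    SYNTAX        OCTET STRING
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string, which is either a copy of the XXX
        attribute from the certificate, or an empty string.
        If this attribute is not empty, it MUST match the value
        of the XXX attribute from the certificate."
::= { ipsAuthCertAttributesEntry 3 }

-- NOTE(review): the OCTET STRING carries no SIZE constraint and the
-- description does not name an encoding (for example DER); an
-- implementation has to pick its own limit and parser input format.
ipsAuthCert OBJECT-TYPE
    SYNTAX        OCTET STRING
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The certificate, encoded in X.509 format."
::= { ipsAuthCertAttributesEntry 4 }

ipsAuthCertRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthCertAttributesEntry 5 }

ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 4 }

-- iSCSI User Identity Attributes Table
-- One row per user identity. The name, address and credential tables
-- below extend this index with their own third index component.

ipsAuthIdentAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of user identities, each belonging to a
        particular ipsAuthInstance."
::= { ipsAuthIdentity 1 }

ipsAuthIdentAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        describing a user identity within an authentication
        instance on this node."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex }
::= { ipsAuthIdentAttributesTable 1 }

IpsAuthIdentAttributesEntry ::= SEQUENCE {
    ipsAuthIdentIndex              Unsigned32,
    ipsAuthIdentDescription        SnmpAdminString,
    ipsAuthIdentRowStatus          RowStatus
}

ipsAuthIdentIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular identity instance within an authentication
        instance present on the node."
::= { ipsAuthIdentAttributesEntry 1 }

ipsAuthIdentDescription OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string describing this particular identity."
::= { ipsAuthIdentAttributesEntry 2 }

ipsAuthIdentRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthIdentAttributesEntry 3 }

ipsAuthIdentityName OBJECT IDENTIFIER ::= { ipsAuthObjects 5 }

-- iSCSI User Initiator Name Attributes Table

ipsAuthIdentNameAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentNameAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of unique names that can be used to positively
        identify a particular user identity."
::= { ipsAuthIdentityName 1 }

ipsAuthIdentNameAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentNameAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a unique identity name which can be used
        to uniquely identify a user identity within a particular
        authentication instance."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
            ipsAuthIdentNameIndex }
::= { ipsAuthIdentNameAttributesTable 1 }

IpsAuthIdentNameAttributesEntry ::= SEQUENCE {
    ipsAuthIdentNameIndex          Unsigned32,
    ipsAuthIdentName               SnmpAdminString,
    ipsAuthIdentNameRowStatus      RowStatus
}

ipsAuthIdentNameIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular identity name instance within an
        ipsAuthIdentity within an authentication instance."
::= { ipsAuthIdentNameAttributesEntry 1 }

-- NOTE(review): the description calls the name unique, but nothing
-- in the table structure enforces that; two identities can hold rows
-- with the same name unless the agent rejects the second one.
ipsAuthIdentName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A character string which is the unique name of an
        identity that may be used to identify this ipsAuthIdent
        entry."
::= { ipsAuthIdentNameAttributesEntry 2 }

ipsAuthIdentNameRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthIdentNameAttributesEntry 3 }

ipsAuthIdentityAddress OBJECT IDENTIFIER ::= { ipsAuthObjects 6 }

-- iSCSI User Initiator Address Attributes Table
-- Work: Add the FC stuff here and IANA Address family
-- NOTE(review): the table description lists FC-WWPN and FC-WWNN, but
-- the type column is InetAddressType, which has no Fibre Channel
-- values; the "Work" item above is still open.

ipsAuthIdentAddrAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthIdentAddrAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of address ranges that are allowed to serve
        as the endpoint addresses of a particular identity.
        An address range includes a starting and ending address
        and an optional netmask, and an address type indicator,
        which can specify whether the address is IPv4, IPv6,
        FC-WWPN, or FC-WWNN."
::= { ipsAuthIdentityAddress 1 }

ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthIdentAddrAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to an address range which is used as part
        of the authentication of an identity
        within an authentication instance on this node."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
            ipsAuthIdentAddrIndex }
::= { ipsAuthIdentAddrAttributesTable 1 }

IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {
    ipsAuthIdentAddrIndex          Unsigned32,
    ipsAuthIdentAddrType           InetAddressType,
    ipsAuthIdentAddrStart          InetAddress,
    ipsAuthIdentAddrEnd            InetAddress,
    ipsAuthIdentAddrMask           InetAddress,
    ipsAuthIdentAddrRowStatus      RowStatus
}

ipsAuthIdentAddrIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular ipsAuthIdentAddress instance within an
        ipsAuthIdentity within an authentication instance
        present on the node."
::= { ipsAuthIdentAddrAttributesEntry 1 }

ipsAuthIdentAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The type of Address in the ipsAuthIdentAddress
        start, end, and mask fields.  This type is taken
        from the IANA address family types; more types may
        be registered independently of this MIB."
::= { ipsAuthIdentAddrAttributesEntry 2 }

ipsAuthIdentAddrStart OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The starting address of the allowed address range."
::= { ipsAuthIdentAddrAttributesEntry 3 }

-- NOTE(review): nothing here says what an agent does when End sorts
-- below Start; an implementation should reject such a row rather
-- than guess at the intended range.
ipsAuthIdentAddrEnd OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The ending address of the allowed address range.
        If the ipsAuthIdentAddrAttributesEntry specifies a
        single address, this shall match the
        ipsAuthIdentAddrStart."
::= { ipsAuthIdentAddrAttributesEntry 4 }

-- Work: Need to think through whether we need a mask.
-- NOTE(review): the interaction of mask and range is left undefined
-- by the draft (see the DESCRIPTION). Two implementations can
-- therefore authorize different address sets from the same row;
-- this has to be specified before the object is relied on for
-- access control.
ipsAuthIdentAddrMask OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The Address mask.
        -- NEED TO SPECIFY EXACTLY HOW USED W/RANGE"
::= { ipsAuthIdentAddrAttributesEntry 5 }

ipsAuthIdentAddrRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthIdentAddrAttributesEntry 6 }

ipsAuthCredential OBJECT IDENTIFIER ::= { ipsAuthObjects 7 }

-- Identity Credential Attributes Table
-- Generic credential row. The method-specific tables that follow
-- (CHAP, SRP, SPKM, Kerberos) share this table's three-part index.

ipsAuthCredentialAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredentialAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of credentials related to user identities
        that are allowed as valid authenticators of the
        particular identity."
::= { ipsAuthCredential 1 }

ipsAuthCredentialAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredentialAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential which authenticates a user
        identity within an authentication instance."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredentialAttributesTable 1 }

IpsAuthCredentialAttributesEntry ::= SEQUENCE {
    ipsAuthCredIndex               Unsigned32,
    ipsAuthCredAuthMethod          AutonomousType,
    ipsAuthCredUserName            SnmpAdminString,
    ipsAuthCredRowStatus           RowStatus
}

ipsAuthCredIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular iSCSI Credential instance within an iSCSI
        instance present on the node."
::= { ipsAuthCredentialAttributesEntry 1 }

ipsAuthCredAuthMethod OBJECT-TYPE
    SYNTAX        AutonomousType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object contains an OBJECT IDENTIFIER
        which identifies the authentication method
        used with this credential.

        Some standardized values for this object are defined
        within the ipsAuthMethodTypes subtree."
::= { ipsAuthCredentialAttributesEntry 2 }

ipsAuthCredUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string containing the user name for this
        credential, if it is applicable to the
        ipsAuthCredAuthMethod."
::= { ipsAuthCredentialAttributesEntry 3 }

ipsAuthCredRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthCredentialAttributesEntry 4 }

ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 8 }

-- Credential Chap-Specific Attributes Table

ipsAuthCredChapAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredChapAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of CHAP attributes for credentials that
        have their ipsAuthCredAuthMethod == ipsAuthMethodChap."
::= { ipsAuthCredChap 1 }

ipsAuthCredChapAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredChapAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential which has the
        ipsAuthCredAuthMethod set to the OID of
        ipsAuthMethodChap."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredChapAttributesTable 1 }

IpsAuthCredChapAttributesEntry ::= SEQUENCE {
    ipsAuthCredChapUserName        SnmpAdminString,
    ipsAuthCredChapPassword        SnmpAdminString,
    ipsAuthCredChapRowStatus       RowStatus
}

ipsAuthCredChapUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string containing the CHAP user name for this
        credential."
::= { ipsAuthCredChapAttributesEntry 1 }

-- Security note (reviewer addition): reads return a zero-length
-- string, so the secret cannot be fetched back, but every SET still
-- carries it inside the SNMP message. With community-based SNMP that
-- message is not encrypted. An agent should accept writes to this
-- object only over SNMPv3 with privacy enabled, and keep the secret
-- out of logs and configuration dumps.
-- NOTE(review): SnmpAdminString is meant for human-readable text of
-- at most 255 octets; confirm it fits the CHAP secrets in use.
ipsAuthCredChapPassword OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string containing the password for this
        credential.  If written, it changes the password for
        the credential.  If read, it returns a zero-length
        string."
::= { ipsAuthCredChapAttributesEntry 2 }

ipsAuthCredChapRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthCredChapAttributesEntry 3 }

ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 9 }

-- Credential Srp-Specific Attributes Table

ipsAuthCredSrpAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredSrpAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of SRP-specific attributes for credentials that
        have their ipsAuthCredAuthMethod == ipsAuthMethodSrp."
::= { ipsAuthCredSrp 1 }

ipsAuthCredSrpAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredSrpAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential which has the
        ipsAuthCredAuthMethod set to the OID of
        ipsAuthMethodSrp."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredSrpAttributesTable 1 }

IpsAuthCredSrpAttributesEntry ::= SEQUENCE {
    ipsAuthCredSrpUserName         SnmpAdminString,
    ipsAuthCredSrpPasswordVerifier SnmpAdminString,
    ipsAuthCredSrpSalt             SnmpAdminString,
    ipsAuthCredSrpRowStatus        RowStatus
}

ipsAuthCredSrpUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string containing the SRP user name for this
        credential."
::= { ipsAuthCredSrpAttributesEntry 1 }

-- Security note (reviewer addition): unlike ipsAuthCredChapPassword,
-- this description does not say that reads return an empty value, so
-- the verifier is readable by anyone with read access to this table.
-- A disclosed verifier and salt are enough to test password guesses
-- offline; treat both as secret and restrict read access as tightly
-- as write access.
-- NOTE(review): the verifier is a large binary number; a 255-octet
-- text string type may be too small for it. Confirm the SYNTAX.
ipsAuthCredSrpPasswordVerifier OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string containing the SRP password verifier
        for this credential."
::= { ipsAuthCredSrpAttributesEntry 2 }

-- Work: what is the size of Salt?  Should it be an integer?
ipsAuthCredSrpSalt OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string containing the salt value related
        to this credential."
::= { ipsAuthCredSrpAttributesEntry 3 }

ipsAuthCredSrpRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthCredSrpAttributesEntry 4 }

ipsAuthCredSpkm OBJECT IDENTIFIER ::= { ipsAuthObjects 10 }

-- Credential Spkm-Specific Attributes Table
-- The module defines two SPKM method identifiers (SPKM-1 and SPKM-2)
-- and one SPKM table, so the descriptions below name both.

ipsAuthCredSpkmAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredSpkmAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of SPKM-specific attributes for credentials that
        have their ipsAuthCredAuthMethod == ipsAuthMethodSpkm1
        or ipsAuthMethodSpkm2."
::= { ipsAuthCredSpkm 1 }

ipsAuthCredSpkmAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredSpkmAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential which has the
        ipsAuthCredAuthMethod set to the OID of
        ipsAuthMethodSpkm1 or ipsAuthMethodSpkm2."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredSpkmAttributesTable 1 }

-- Work: Do we need to split out the cert identity here, or in
--       the certificate object?
IpsAuthCredSpkmAttributesEntry ::= SEQUENCE {
    ipsAuthCredSpkmPeerIdentity    OCTET STRING,
    ipsAuthCredSpkmPeerCert        Unsigned32,
    ipsAuthCredSpkmMyCert          Unsigned32,
    ipsAuthCredSpkmRowStatus       RowStatus
}

-- Work: Should this go here, or with the cert, or both?
-- NOTE(review): "XXXXXXX" is the draft's own placeholder for the
-- certificate attribute; the match rule is not checkable until it
-- is named.
ipsAuthCredSpkmPeerIdentity OBJECT-TYPE
    SYNTAX        OCTET STRING
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The identity to be authenticated by the public key
        certificate.  If ipsAuthCredSpkmPeerCert is not zero,
        this identity must match the XXXXXXX attribute within
        the certificate referenced by PeerCert."
::= { ipsAuthCredSpkmAttributesEntry 1 }

-- The range starts at 0 because the DESCRIPTION defines zero as
-- "not used"; the draft's (1..4294967295) made that value illegal.
-- NOTE(review): with zero, no peer certificate is pinned for the
-- credential; what the peer is then checked against is not stated
-- in this module.
ipsAuthCredSpkmPeerCert OBJECT-TYPE
    SYNTAX        Unsigned32 (0..4294967295)
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The index of the ipsAuthCertAttributesEntry that
        contains the certificate for the peer that is expected
        for this credential to be authenticated, or zero if
        this attribute is not used."
::= { ipsAuthCredSpkmAttributesEntry 2 }

-- Work: I'm not sure that the following belongs here, yet.
-- Range starts at 0 for the same reason as ipsAuthCredSpkmPeerCert.
ipsAuthCredSpkmMyCert OBJECT-TYPE
    SYNTAX        Unsigned32 (0..4294967295)
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The index of the ipsAuthCertAttributesEntry that
        contains the certificate that will be provided to the
        other system when this credential is to be
        authenticated, or zero if this attribute is not used."
::= { ipsAuthCredSpkmAttributesEntry 3 }

ipsAuthCredSpkmRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthCredSpkmAttributesEntry 4 }

ipsAuthCredKerberos OBJECT IDENTIFIER ::= { ipsAuthObjects 11 }

-- Credential Kerberos-Specific Attributes Table

ipsAuthCredKerbAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IpsAuthCredKerbAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of Kerberos-specific attributes for credentials
        that have their ipsAuthCredAuthMethod ==
        ipsAuthMethodKrb5."
::= { ipsAuthCredKerberos 1 }

ipsAuthCredKerbAttributesEntry OBJECT-TYPE
    SYNTAX        IpsAuthCredKerbAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a credential which has the
        ipsAuthCredAuthMethod set to the OID of
        ipsAuthMethodKrb5."
    INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredKerbAttributesTable 1 }

IpsAuthCredKerbAttributesEntry ::= SEQUENCE {
    ipsAuthCredKerbAttribute       SnmpAdminString,
    ipsAuthCredKerbRowStatus       RowStatus
}

-- Work: The following is a placeholder attribute, since I
--       haven't figured out what to configure for Kerberos.
ipsAuthCredKerbAttribute OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An octet string containing a Kerberos attribute for
        this credential."
::= { ipsAuthCredKerbAttributesEntry 1 }

ipsAuthCredKerbRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This field allows entries to be dynamically added and
        removed from this table via SNMP."
::= { ipsAuthCredKerbAttributesEntry 2 }

------------------------------------------------------------------------
-- Notifications

-- There are no notifications necessary in this MIB.
-- NOTE(review): as a consequence, changes to identities, address
-- ranges and credentials made through these tables are not announced
-- by the agent; auditing them has to come from another source, such
-- as the agent's own logging of SET requests.

------------------------------------------------------------------------
-- Conformance Statements

ipsAuthGroups OBJECT IDENTIFIER ::= { ipsAuthConformance 1 }

ipsAuthInstanceAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthInstDescr
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        authentication instances."
::= { ipsAuthGroups 1 }

ipsAuthIdentCertAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCertDescription,
        ipsAuthCert,
        ipsAuthCertIdentity,
        ipsAuthCertRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        certificates within an authentication instance."
::= { ipsAuthGroups 2 }

ipsAuthIdentAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentDescription,
        ipsAuthIdentRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        user identities within an authentication instance."
::= { ipsAuthGroups 3 }

ipsAuthIdentNameAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentName,
        ipsAuthIdentNameRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        user names within user identities within an
        authentication instance."
::= { ipsAuthGroups 4 }

ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthIdentAddrType,
        ipsAuthIdentAddrStart,
        ipsAuthIdentAddrEnd,
        ipsAuthIdentAddrMask,
        ipsAuthIdentAddrRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        address ranges within user identities within an
        authentication instance."
::= { ipsAuthGroups 5 }

ipsAuthIdentCredAttributesGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredAuthMethod,
        ipsAuthCredUserName,
        ipsAuthCredRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        credentials within user identities within an
        authentication instance."
::= { ipsAuthGroups 6 }

ipsAuthIdentChapAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredChapUserName,
        ipsAuthCredChapPassword,
        ipsAuthCredChapRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        CHAP credentials within user identities within an
        authentication instance."
::= { ipsAuthGroups 7 }

ipsAuthIdentSrpAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredSrpUserName,
        ipsAuthCredSrpPasswordVerifier,
        ipsAuthCredSrpSalt,
        ipsAuthCredSrpRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        SRP credentials within user identities within an
        authentication instance."
::= { ipsAuthGroups 8 }

ipsAuthIdentSpkmAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredSpkmPeerIdentity,
        ipsAuthCredSpkmPeerCert,
        ipsAuthCredSpkmMyCert,
        ipsAuthCredSpkmRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        SPKM credentials within user identities within an
        authentication instance."
::= { ipsAuthGroups 9 }

ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
    OBJECTS {
        ipsAuthCredKerbAttribute,
        ipsAuthCredKerbRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        Kerberos credentials within user identities within an
        authentication instance."
::= { ipsAuthGroups 10 }

-- Work need to add the rest of the groups

------------------------------------------------------------------------

ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 2 }

-- NOTE(review): the CHAP, SRP, SPKM and Kerberos groups defined above
-- are not referenced by this compliance statement, and every object
-- keeps its full read-create access. There is no read-only
-- compliance level, so a conforming agent is expected to accept
-- writes to the credential objects.
ipsAuthComplianceV1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Initial version of compliance statement based on
        initial version of MIB.

        The Instance and Identity groups are mandatory;
        at least one of the other groups (Name, Address,
        Credential, Certificate) is also mandatory for
        any given implementation."
    MODULE       -- this module
    MANDATORY-GROUPS {
        ipsAuthInstanceAttributesGroup,
        ipsAuthIdentAttributesGroup
    }

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when necessary.

    GROUP ipsAuthIdentNameAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that make use of unique identity names."

    GROUP ipsAuthIdentAddrAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use addresses to help authenticate identities."

    GROUP ipsAuthIdentCredAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that use credentials to help authenticate identities."

    GROUP ipsAuthIdentCertAttributesGroup
    DESCRIPTION
        "This group is mandatory for all implementations
        that make use of public key certificates."

::= { ipsAuthCompliances 1 }

END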