smilint output for ./KRB-USM-MIB
Message Severities
Severity | Count
severe | 1

Message Types
Type | Count
internal-other (severe) | 1

Messages:
KRB-USM-MIB
1: -- extracted from draft-thomas-snmpv3-kerbusm-00.txt
2: -- at Sun Jul 16 07:07:59 2000
3:
4: KRB-USM-MIB DEFINITIONS ::= BEGIN
5: IMPORTS
6: MODULE-IDENTITY,
7: OBJECT-TYPE, OBJECT-IDENTITY,
8: snmpModules, Counter32, Unsigned32 FROM SNMPv2-SMI
9: TruthValue, DisplayString FROM SNMPv2-TC
10: usmUserEntry FROM SNMP-USER-BASED-SM-MIB
11:
12:
13:
14: krbUsmMib MODULE-IDENTITY
14: severe - syntax error, unexpected MODULE_IDENTITY, expecting FROM or ','
15: LAST-UPDATED "00071300Z"
16: ORGANIZATION "IETF SNMP V3 Working Group"
17: CONTACT-INFO
18: "Michael Thomas
19: Cisco Systems
20: 375 E Tasman Drive
21: San Jose, Ca 95134
22: Phone: +1 408-525-5386
23: Fax: +1 801-382-5284
24: email: mat@cisco.com"
25: DESCRIPTION
26: "This MIB contains the MIB variables to
27: exchange Kerberos credentials and a session
28: key to be used to authenticate and set up
29: USM keys"
30:
31: ::= { snmpModules nnn } -- not sure what needs to be here.
32: krbUsmMibObjects OBJECT INDENTIFIER ::= { krbUsmMib 1 }
33:
34: krbUsmMibAuthInAttemps
35: SYNTAX Counter32
36: MAX-ACCESS read-only
37: STATUS current
38: DESCRIPTION
39: "Counter of the number of Kerberos
40: authorization attempts as defined by
41: receipt of a PDU from a Manager with a
42: krbUsmMibNonce set in the principal table."
43: ::= { krbUsmMibObjects 1 }
44:
45: krbUsmMibAuthOutAttemps
46: SYNTAX Counter32
47: MAX-ACCESS read-only
48: STATUS current
49: DESCRIPTION
50: "Counter of the number of unsolicited Kerberos
51: authorization attempts as defined by
52: an Agent sending an INFORM or TRAP PDU with a
53: krbUsmMibApRep but without krbUsmApMibNonce
54: varbind."
55: ::= { krbUsmMibObjects 2 }
56: krbUsmMibAuthInFail
57: SYNTAX Counter32
58: MAX-ACCESS read-only
59: STATUS current
60: DESCRIPTION
61: "Counter of the number of Kerberos
62: authorization failures as defined by
63: a Manager setting the krbUsmMibNonce
64: in the principal table which results
65: in some sort of failure to install keys
66: in the requested USM user entry."
67: ::= { krbUsmMibObjects 3 }
68:
69: krbUsmMibAuthOutFail
70: SYNTAX Counter32
71: MAX-ACCESS read-only
72: STATUS current
73: DESCRIPTION
74: "Counter of the number of unsolicited Kerberos
75: authorization failures as defined by
76: an Agent sending an INFORM or TRAP PDU with a
77: krbUsmMibApRep but without a krbUsmMibNonce
78: varbind which does not result in keys being
79: installed for that USM user entry."
80: ::= { krbUsmMibObjects 4 }
81:
82: krbUsmMibPrinTable OBJECT-TYPE
83: SYNTAX SEQUENCE OF krbUsmMibEntry
84: MAX-ACCESS not-accessible
85: STATUS current
86: DESCRIPTION
87: "Table which maps Kerberos principals with USM
88: users as well as the per user variables to key
89: up sessions"
90: ::= { krbUsmMibObjects 5 }
91:
92: krbUsmMibPrinEntry OBJECT-TYPE
93: SYNTAX KrbUsmMibPrinEntry
94: MAX-ACCESS not-accessible
95: STATUS current
96: DESCRIPTION
97: "an entry into the krbMibPrinTable which is a
98: parallel table to UsmUserEntry table"
99: AUGMENTS { usmUserEntry }
100: ::= { krbUsmMibPrinTable 1 }
101:
102: KrbUsmMibPrinEntry SEQUENCE
103: {
104: krbUsmMibApReq OCTET STRING,
105: krbUsmMibApRep OCTET STRING,
106: krbUsmMibNonce OCTET STRING,
107: krbUsmMibMgrTGT OCTET STRING,
108: krbUsmMibUnsolicitedNotify TruthValue,
109: }
110:
111:
112: krbUsmMibApReq OBJECT-TYPE
113: SYNTAX OCTET STRING
114: MAX-ACCESS accessible-for-notify
115: STATUS current
116: DESCRIPTION
117: "This variable contains a DER encoded Kerberos
118: AP-REQ or KRB-ERROR for the USM user which is
119: to be keyed. This is sent from the Agent to
120: the Manager in an INFORM or TRAP request.
121: KRB-ERROR MUST only be sent to the Manager
122: if it is in response to a keying request from
123: the Manager.
124: "
125: ::= { krbUsmMibPrinEntry 1 }
126:
127: krbUsmMibApRep OBJECT-TYPE
128: SYNTAX OCTET STRING
129: MAX-ACCESS read-write
130: STATUS current
131: DESCRIPTION
132: "This variable contains the DER encoded response
133: to an AP-REQ. This variable is SET by the
134: Manager to acknowledge receipt of an AP-REQ. If
135: krbUsmMibApRep contains a Kerberos AP-REP, the
136: Agent must derive keys from the session key
137: of the Kerberos ticket in the AP-REQ and place
138: them in the USM database in a manner specified
139: by [RFC2574]. If the Manager detects an error,
140: it will instead place a KRB-ERROR in this
141: variable to inform the Agent of the error.
142:
143: This variable is in effect a write-only variable.
144: attempts to read this variable will result in a
145: null octet string being returned"
146: ::= { krbUsmMibPrinEntry 2 }
147:
148: krbUsmMibNonce OBJECT-TYPE
149: SYNTAX OCTET STRING
150: MAX-ACCESS read-write
151: STATUS current
152: DESCRIPTION
153: "SET'ing a krbUsmMibnonce allows a Manager to
154: determine whether an INFORM or TRAP from an
155: Agent is an outstanding keying request, or
156: unsolicited from the Agent. The Manager
157: initiates keying for a particular USM user
158: by writing a nonce into the row for which
159: desires to establish a security association.
160: The nonce is an ASCII string of the form
161: ``host:port?nonce'' where:
162:
163: host: is either an FQDN, or valid ipv4 or ipv6
164: numerical notation of the Manager which
165: desires to initiate keying
166: port: is the destination port at which that the
167: Manager may be contacted
168: nonce: is a number generated by the Manager to
169: correlate the transaction
170:
171: The same nonce MUST be sent to the Manager in a
172: subsequent INFORM or TRAP with a krbUsmApReq.
173: The Agent MUST use the host address and port
174: supplied in the nonce as the destination of a
175: subsequent INFORM or TRAP. Unsolicited keying
176: requests MUST NOT contain a nonce, and should
177: instead use the destination stored Notifies of
178: this type.
179:
180: Nonces MUST be highly collision resistant either
181: using a time based method or a suitable random
182: number generator. Managers MUST never create
183: nonces which are 0.
184:
185: This variable is in effect a write-only variable.
186: Attempts to read this variable will result in a
187: nonce of value 0 being returned"
188:
189:
190: ::= { krbUsmMibPrinEntry 3 }
191:
192: krbUsmMibMgrTgt OBJECT-TYPE
193: SYNTAX OCTET STRING
194: MAX-ACCESS read-write
195: STATUS current
196: DESCRIPTION
197: "If the Manager does not possess a symmetric
198: key with the KDC as would be the case with
199: a Manager using PKinit for authentication,
200: the Manager MUST SET its DER encoded ticket
201: granting ticket into KrbUsmMgrTgt along
202: with krbUsmMibNonce.
203:
204: The agent will then attach the Manager's TGT
205: into the additional tickets field of the
206: TGS-REQ message to the KDC to get a User-User
207: service ticket.
208:
209: This variable is in effect a write-only variable.
210: Attempts to read this variable will result in a
211: null octet string being returned"
212: ::= { krbUsmMibPrinEntry 4 }
213:
214:
215: krbUsmMibUnsolicitedNotify OBJECT-TYPE
216: SYNTAX TruthValue
217: MAX-ACCESS read-write
218: STATUS current
219: DESCRIPTION
220: "If this variable is false, the Agent MUST NOT
221: send unsolicited INFORM or TRAP PDU's to the
222: Manager.
223:
224: Attempts to SET this variable by the no-auth
225: no-priv user MUST be rejected."
226: ::= { krbUsmMibPrinEntry 5 }
227:
228: --
229: -- Conformance section... nothing optional.
230:
231: krbUsmMibCompliences MODULE-COMPLIANCE
232: STATUS current
233: DESCRIPTION "The compliance statement for SNMP
234: engines whichimplement the KRB-USM-MIB
235: "
236: MODULE -- this module
237: MANDATORY-GROUPS { krbUsmMib }
238: ::= { krbUsmMibCompliances 1 }
239:
240: END