draft-ietf-ips-auth-mib-01.txt   draft-ietf-ips-auth-mib-02.txt 
Internet Draft Mark Bakke Internet Draft Mark Bakke
<draft-ietf-ips-auth-mib-01.txt> Jim Muchow <draft-ietf-ips-auth-mib-02.txt> Jim Muchow
Expires December 2002 Cisco Systems Expires March 2003 Cisco Systems
June 2002 September 2002
Definitions of Managed Objects for User Identity Authentication Definitions of Managed Objects for User Identity Authentication
1. Status of this Memo 1. Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 14 skipping to change at page 2, line 14
that this MIB provides only the set of identities and the means to that this MIB provides only the set of identities and the means to
authenticate them; it is the responsibility of other MIBs making use authenticate them; it is the responsibility of other MIBs making use
of this one to tie them to authorization lists. of this one to tie them to authorization lists.
3. Acknowledgments 3. Acknowledgments
In addition to the authors, several people contributed to the In addition to the authors, several people contributed to the
development of this MIB through discussions of authentication, development of this MIB through discussions of authentication,
authorization, and access within the iSCSI MIB and security teams, authorization, and access within the iSCSI MIB and security teams,
including John Hufferd, Marjorie Krueger, Keith McCloghrie, Tom including John Hufferd, Marjorie Krueger, Keith McCloghrie, Tom
McSweeney, Steve Senum, and Josh Tseng. McSweeney, Steve Senum, and Josh Tseng. Thanks also to Bill
Studenmund (Wasabi Systems) for adding the Kerberos method.
Thanks especially to Keith McCloghrie for serving as advisor for this Thanks especially to Keith McCloghrie for serving as advisor for this
MIB. MIB.
4. The SNMP Management Framework 4. The SNMP Management Framework
The SNMP Management Framework presently consists of five major The SNMP Management Framework presently consists of five major
components: components:
o An overall architecture, described in RFC 2571 [RFC2571]. o An overall architecture, described in RFC 2571 [RFC2571].
skipping to change at page 3, line 39 skipping to change at page 3, line 39
person; a user can also be a host, an application, a cluster of person; a user can also be a host, an application, a cluster of
hosts, or any other identifiable entity that can be authenticated and hosts, or any other identifiable entity that can be authenticated and
granted access to a resource. granted access to a resource.
Most objects in this MIB have a MAX-ACCESS of read-create; the MIB is Most objects in this MIB have a MAX-ACCESS of read-create; the MIB is
intended to allow configuration of user identities and their names, intended to allow configuration of user identities and their names,
addresses, and credentials. MIN-ACCESS for all objects is read-only addresses, and credentials. MIN-ACCESS for all objects is read-only
for those implementations that configure through other means, but for those implementations that configure through other means, but
require the ability to monitor user identities. require the ability to monitor user identities.
4.1. Revision History
The following modifications were made from draft-00 to draft-01
- The Kerberos and SPKM (public key certificate) authentication
methods were removed. - Added the capability to include Fibre
Channel addresses.
5. Relationship to Other MIBs 5. Relationship to Other MIBs
The identity authentication MIB does not directly address objects The identity authentication MIB does not directly address objects
within other MIBs. The identity address objects contain IPv4, IPv6, within other MIBs. The identity address objects contain IPv4, IPv6,
or other address types, and as such may be indirectly related to or other address types, and as such may be indirectly related to
objects within the IPv4 MIB [RFC1213, RFC2011] or IPv6 [RFC2465] MIB. objects within the IPv4 MIB [RFC1213, RFC2011] or IPv6 [RFC2465] MIB.
This MIB does not cover authorization. This should generally be done This MIB does not cover authorization. This should generally be done
in MIBs that reference identities in this one. It also does not in MIBs that reference identities in this one. It also does not
cover login or authentication failure statistics or notifications, as cover login or authentication failure statistics or notifications, as
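Review bot: section 4.1 "Revision History" is deleted in -02 instead of being extended, so the note that -01 removed the Kerberos and SPKM methods disappears in the same revision that brings Kerberos back (ipsAuthCredKerberos, ipsAuthMethodKerberos). Suggest keeping 4.1 and adding a "draft-01 to draft-02" entry that lists the restored Kerberos method, so readers of -02 can see that SPKM is still out and Kerberos is intentionally back.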
skipping to change at page 5, line 14 skipping to change at page 5, line 6
-- An address range, typically but not necessarily an -- An address range, typically but not necessarily an
-- IPv4, IPv6, or Fibre Channel address range, at which -- IPv4, IPv6, or Fibre Channel address range, at which
-- the identity is allowed to reside. -- the identity is allowed to reside.
ipsAuthCredential ipsAuthCredential
-- A single credential, such as a CHAP username/password, -- A single credential, such as a CHAP username/password,
-- which can ipsAuthenticate the identity. -- which can ipsAuthenticate the identity.
ipsAuthCredChap ipsAuthCredChap
-- CHAP-specific attributes for an ipsAuthCredential -- CHAP-specific attributes for an ipsAuthCredential
ipsAuthCredSrp ipsAuthCredSrp
-- SRP-specific attributes -- SRP-specific attributes
ipsAuthCredKerberos
-- Kerberos-specific attributes
Each identity contains the information necessary to authenticate a Each identity contains the information necessary to authenticate a
particular end-point that wishes to access a service, such as iSCSI. particular end-point that wishes to access a service, such as iSCSI.
An identity can contain multiple names, addresses, and credentials. An identity can contain multiple names, addresses, and credentials.
Work - Add some examples here.
Work - need examples showing how this can work on a client and a
server, for mutual authentication.
6.2. ipsAuthInstance 6.2. ipsAuthInstance
The ipsAuthInstanceAttributesTable is the primary table of the The ipsAuthInstanceAttributesTable is the primary table of the
authentication MIB. Every other table entry in this MIB includes the authentication MIB. Every other table entry in this MIB includes the
index of an ipsAuthInstanceAttributesEntry as its primary index. An index of an ipsAuthInstanceAttributesEntry as its primary index. An
authentication instance is basically a managed set of identities. authentication instance is basically a managed set of identities.
Many implementations will include just one authentication instance Many implementations will include just one authentication instance
row in this table. However, there will be cases where multiple rows row in this table. However, there will be cases where multiple rows
in this table may be used: in this table may be used:
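Review bot: the ipsAuthCredential comment still reads "which can ipsAuthenticate the identity" on both sides; that looks like a leftover from a global rename and should be "authenticate". Separately, the two "Work -" placeholders asking for client/server and mutual-authentication examples are dropped in -02 without the examples being added; if the examples are no longer planned that is fine, otherwise the placeholder should stay until they exist.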
skipping to change at page 7, line 31 skipping to change at page 7, line 18
same thing with more flexibility. An application specifying same thing with more flexibility. An application specifying
addresses using network masks may do so, and convert to and from addresses using network masks may do so, and convert to and from
address ranges when reading or writing this MIB. address ranges when reading or writing this MIB.
6.6. ipsAuthCredential 6.6. ipsAuthCredential
The ipsAuthCredentialAttributesTable contains a list of credentials, The ipsAuthCredentialAttributesTable contains a list of credentials,
each of which may authenticate a particular identity. each of which may authenticate a particular identity.
Each credential contains an authentication method to be used, such as Each credential contains an authentication method to be used, such as
CHAP [RFC1994], or SRP [RFC2945]. This attribute contains an object CHAP [RFC1994], SRP [RFC2945], or Kerberos [RFC1510]. This attribute
identifier instead of an enumerated type, allowing other MIBs to add contains an object identifier instead of an enumerated type, allowing
their own authentication methods, without modifying this MIB. other MIBs to add their own authentication methods, without modifying
this MIB.
For each entry in this table, there will exist an entry in another For each entry in this table, there will exist an entry in another
table containing its attributes. The table in which to place the table containing its attributes. The table in which to place the
entry depends on the AuthMethod attribute: entry depends on the AuthMethod attribute:
CHAP If the AuthMethod is set to the CHAP OID, an entry using the CHAP If the AuthMethod is set to the CHAP OID, an entry using the
same indices as the ipsAuthCredential will exist in the same indices as the ipsAuthCredential will exist in the
ipsAuthCredChap table, which contains the CHAP username and ipsAuthCredChap table, which contains the CHAP username.
password expected.
SRP If the AuthMethod is set to the SRP OID, an entry using the SRP If the AuthMethod is set to the SRP OID, an entry using the
same indices as the ipsAuthCredential will exist in the same indices as the ipsAuthCredential will exist in the
ipsAuthCredSrp table, which contains the SRP username, ipsAuthCredSrp table, which contains the SRP username.
password verifier, and salt.
Kerberos If the AuthMethod is set to the Kerberos OID, an entry using
the same indices as the ipsAuthCredential will exist in the
ipsAuthCredKerberos table, which contains the Kerberos
principal.
Other If the AuthMethod is set to any OID not defined in this MIB, Other If the AuthMethod is set to any OID not defined in this MIB,
an entry using the same indices as the ipsAuthCredential an entry using the same indices as the ipsAuthCredential
entry should be placed in the other MIB that define whatever entry should be placed in the other MIB that define whatever
attributes are needed for that type of credential. attributes are needed for that type of credential.
6.7. IP, Fibre Channel, and Other Addresses 6.7. IP, Fibre Channel, and Other Addresses
The IP addresses in this MIB are represented by two attributes, one The IP addresses in this MIB are represented by two attributes, one
of type AddressFamilyNumbers, and the other of type AuthAddress. of type AddressFamilyNumbers, and the other of type AuthAddress.
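Review bot: the CHAP and SRP paragraphs of 6.6 now say the ipsAuthCredChap and ipsAuthCredSrp tables contain only the username, but the SEQUENCE definitions later in -02 still list ipsAuthCredChapPassword and ipsAuthCredSrpPassword. Either remove those columns from the SEQUENCEs or keep the password mentioned here, so the text and the module agree on whether the secret is held in this MIB.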
skipping to change at page 9, line 14 skipping to change at page 9, line 14
7. MIB Definitions 7. MIB Definitions
IPS-AUTH-MIB DEFINITIONS ::= BEGIN IPS-AUTH-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32, MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32,
experimental experimental
FROM SNMPv2-SMI FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TEXTUAL-CONVENTION, RowStatus, AutonomousType
RowStatus,
AutonomousType
FROM SNMPv2-TC FROM SNMPv2-TC
MODULE-COMPLIANCE, MODULE-COMPLIANCE, OBJECT-GROUP
OBJECT-GROUP
FROM SNMPv2-CONF FROM SNMPv2-CONF
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- RFC 2571 FROM SNMP-FRAMEWORK-MIB -- RFC 2571
AddressFamilyNumbers AddressFamilyNumbers
FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB
; ;
ipsAuthModule MODULE-IDENTITY ipsAuthModule MODULE-IDENTITY
LAST-UPDATED "200206260000Z" LAST-UPDATED "200209250000Z" -- September 25, 2002
ORGANIZATION "IETF IPS Working Group" ORGANIZATION "IETF IPS Working Group"
CONTACT-INFO CONTACT-INFO
" "
Mark Bakke Mark Bakke
Postal: Cisco Systems, Inc Postal: Cisco Systems, Inc
6450 Wedgwood Road, Suite 130 6450 Wedgwood Road, Suite 130
Maple Grove, MN Maple Grove, MN
USA 55311 USA 55311
Tel: +1 763-398-1000 Tel: +1 763-398-1000
Fax: +1 763-398-1001 Fax: +1 763-398-1001
E-mail: mbakke@cisco.com" E-mail: mbakke@cisco.com
DESCRIPTION Jim Muchow
"The IP Storage Authorization MIB module." Postal: Cisco Systems, Inc
6450 Wedgwood Road, Suite 130
Maple Grove, MN
USA 55311
REVISION "200206260000Z" -- June 26, 2002 Tel: +1 763-398-1000
Fax: +1 763-398-1001
E-mail: jmuchow@cisco.com"
DESCRIPTION
"The IP Storage Authentication MIB module."
REVISION "200209250000Z" -- September 25, 2002
DESCRIPTION DESCRIPTION
"Initial revision published as RFC xxxx." "Initial revision published as RFC xxxx."
--::= { mib-2 xx } --::= { mib-2 xx }
-- in case you want to COMPILE -- in case you want to COMPILE
::= { experimental 99999 } ::= { experimental 99999 }
ipsAuthObjects OBJECT IDENTIFIER ::= { ipsAuthModule 1 } ipsAuthObjects OBJECT IDENTIFIER ::= { ipsAuthModule 1 }
ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthModule 2 } ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthModule 2 }
ipsAuthConformance OBJECT IDENTIFIER ::= { ipsAuthModule 3 } ipsAuthConformance OBJECT IDENTIFIER ::= { ipsAuthModule 3 }
skipping to change at page 11, line 16 skipping to change at page 11, line 23
::= { ipsAuthMethodTypes 2 } ::= { ipsAuthMethodTypes 2 }
ipsAuthMethodChap OBJECT-IDENTITY ipsAuthMethodChap OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The authoritative identifier when the authentication "The authoritative identifier when the authentication
method is CHAP." method is CHAP."
REFERENCE "iSCSI Protocol Specification." REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 3 } ::= { ipsAuthMethodTypes 3 }
ipsAuthMethodKerberos OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The authoritative identifier when the authentication
method is Kerberos."
REFERENCE "iSCSI Protocol Specification."
::= { ipsAuthMethodTypes 4 }
---------------------------------------------------------------------- ----------------------------------------------------------------------
ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 } ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 }
-- Instance Attributes Table -- Instance Attributes Table
ipsAuthInstanceAttributesTable OBJECT-TYPE ipsAuthInstanceAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthInstanceAttributesEntry SYNTAX SEQUENCE OF IpsAuthInstanceAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of iSCSI instances present on the system." "A list of Authentication instances present on the system."
::= { ipsAuthInstance 2 } ::= { ipsAuthInstance 2 }
ipsAuthInstanceAttributesEntry OBJECT-TYPE ipsAuthInstanceAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthInstanceAttributesEntry SYNTAX IpsAuthInstanceAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing managment information applicable "An entry (row) containing managment information
to a particular iSCSI instance." applicable to a particular Authentication instance."
INDEX { ipsAuthInstIndex } INDEX { ipsAuthInstIndex }
::= { ipsAuthInstanceAttributesTable 1 } ::= { ipsAuthInstanceAttributesTable 1 }
IpsAuthInstanceAttributesEntry ::= SEQUENCE { IpsAuthInstanceAttributesEntry ::= SEQUENCE {
ipsAuthInstIndex Unsigned32, ipsAuthInstIndex Unsigned32,
ipsAuthInstDescr SnmpAdminString ipsAuthInstDescr SnmpAdminString
} }
ipsAuthInstIndex OBJECT-TYPE ipsAuthInstIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
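Review bot: the ipsAuthInstanceAttributesEntry DESCRIPTION was rewrapped and reworded in -02 but still carries the typo "managment"; fix it to "management" while the line is being touched, as the other entry descriptions already spell it.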
skipping to change at page 11, line 50 skipping to change at page 12, line 17
IpsAuthInstanceAttributesEntry ::= SEQUENCE { IpsAuthInstanceAttributesEntry ::= SEQUENCE {
ipsAuthInstIndex Unsigned32, ipsAuthInstIndex Unsigned32,
ipsAuthInstDescr SnmpAdminString ipsAuthInstDescr SnmpAdminString
} }
ipsAuthInstIndex OBJECT-TYPE ipsAuthInstIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer used to uniquely identify a particular "An arbitrary integer used to uniquely identify a
authentication instance." particular authentication instance."
::= { ipsAuthInstanceAttributesEntry 1 } ::= { ipsAuthInstanceAttributesEntry 1 }
ipsAuthInstDescr OBJECT-TYPE ipsAuthInstDescr OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string, determined by the implementation to describe "An octet string, determined by the implementation to
the authentication instance. When only a single instance is present, describe the authentication instance. When only a single
this object may be set to the zero-length string; with multiple instance is present, this object may be set to the
authentication instances, it may be used in an implementation-dependent zero-length string; with multiple authentication
instances, it may be used in an implementation-dependent
manner to describe the purpose of the respective instance." manner to describe the purpose of the respective instance."
::= { ipsAuthInstanceAttributesEntry 2 } ::= { ipsAuthInstanceAttributesEntry 2 }
ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 3 } ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 3 }
-- iSCSI User Identity Attributes Table -- iSCSI User Identity Attributes Table
ipsAuthIdentAttributesTable OBJECT-TYPE ipsAuthIdentAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthIdentAttributesEntry SYNTAX SEQUENCE OF IpsAuthIdentAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of user identities, each belonging to a particular "A list of user identities, each belonging to a
ipsAuthInstance." particular ipsAuthInstance."
::= { ipsAuthIdentity 1 } ::= { ipsAuthIdentity 1 }
ipsAuthIdentAttributesEntry OBJECT-TYPE ipsAuthIdentAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthIdentAttributesEntry SYNTAX IpsAuthIdentAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing management information "An entry (row) containing management information
describing a user identity describing a user identity within an authentication
within an authentication instance on this node." instance on this node."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex } INDEX { ipsAuthInstIndex, ipsAuthIdentIndex }
::= { ipsAuthIdentAttributesTable 1 } ::= { ipsAuthIdentAttributesTable 1 }
IpsAuthIdentAttributesEntry ::= SEQUENCE { IpsAuthIdentAttributesEntry ::= SEQUENCE {
ipsAuthIdentIndex Unsigned32, ipsAuthIdentIndex Unsigned32,
ipsAuthIdentDescription SnmpAdminString, ipsAuthIdentDescription SnmpAdminString,
ipsAuthIdentRowStatus RowStatus ipsAuthIdentRowStatus RowStatus
} }
ipsAuthIdentIndex OBJECT-TYPE ipsAuthIdentIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer used to uniquely identify a particular "An arbitrary integer used to uniquely identify a
identity instance within an authentication instance present particular identity instance within an authentication
on the node." instance present on the node."
::= { ipsAuthIdentAttributesEntry 1 } ::= { ipsAuthIdentAttributesEntry 1 }
ipsAuthIdentDescription OBJECT-TYPE ipsAuthIdentDescription OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string describing this particular identity." "An octet string describing this particular identity."
::= { ipsAuthIdentAttributesEntry 2 } ::= { ipsAuthIdentAttributesEntry 2 }
skipping to change at page 13, line 48 skipping to change at page 14, line 14
identify a particular user identity." identify a particular user identity."
::= { ipsAuthIdentityName 1 } ::= { ipsAuthIdentityName 1 }
ipsAuthIdentNameAttributesEntry OBJECT-TYPE ipsAuthIdentNameAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthIdentNameAttributesEntry SYNTAX IpsAuthIdentNameAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing management information "An entry (row) containing management information
applicable to a unique identity name which can be used applicable to a unique identity name which can be used
to uniquely identify a user identity within a particular to identify a user identity within a particular
authentication instance." authentication instance."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthIdentNameIndex } INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
ipsAuthIdentNameIndex }
::= { ipsAuthIdentNameAttributesTable 1 } ::= { ipsAuthIdentNameAttributesTable 1 }
IpsAuthIdentNameAttributesEntry ::= SEQUENCE { IpsAuthIdentNameAttributesEntry ::= SEQUENCE {
ipsAuthIdentNameIndex Unsigned32, ipsAuthIdentNameIndex Unsigned32,
ipsAuthIdentName SnmpAdminString, ipsAuthIdentName SnmpAdminString,
ipsAuthIdentNameRowStatus RowStatus ipsAuthIdentNameRowStatus RowStatus
} }
ipsAuthIdentNameIndex OBJECT-TYPE ipsAuthIdentNameIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer used to uniquely identify a particular "An arbitrary integer used to uniquely identify a
identity name instance within an ipsAuthIdentity within an particular identity name instance within an
authentication instance." ipsAuthIdentity within an authentication instance."
::= { ipsAuthIdentNameAttributesEntry 1 } ::= { ipsAuthIdentNameAttributesEntry 1 }
ipsAuthIdentName OBJECT-TYPE ipsAuthIdentName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A character string which is the unique name of an "A character string which is the unique name of an
identity that may be used to identify this identity that may be used to identify this ipsAuthIdent
ipsAuthIdent entry." entry."
::= { ipsAuthIdentNameAttributesEntry 2 } ::= { ipsAuthIdentNameAttributesEntry 2 }
ipsAuthIdentNameRowStatus OBJECT-TYPE ipsAuthIdentNameRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This field allows entries to be dynamically added and "This field allows entries to be dynamically added and
removed from this table via SNMP." removed from this table via SNMP."
::= { ipsAuthIdentNameAttributesEntry 3 } ::= { ipsAuthIdentNameAttributesEntry 3 }
skipping to change at page 15, line 20 skipping to change at page 15, line 33
ipsAuthIdentAddrAttributesEntry OBJECT-TYPE ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthIdentAddrAttributesEntry SYNTAX IpsAuthIdentAddrAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing management information "An entry (row) containing management information
applicable to an address range which is used as part applicable to an address range which is used as part
of the authentication of an identity of the authentication of an identity
within an authentication instance on this node." within an authentication instance on this node."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthIdentAddrIndex } INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
ipsAuthIdentAddrIndex }
::= { ipsAuthIdentAddrAttributesTable 1 } ::= { ipsAuthIdentAddrAttributesTable 1 }
IpsAuthIdentAddrAttributesEntry ::= SEQUENCE { IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {
ipsAuthIdentAddrIndex Unsigned32, ipsAuthIdentAddrIndex Unsigned32,
ipsAuthIdentAddrType AddressFamilyNumbers, ipsAuthIdentAddrType AddressFamilyNumbers,
ipsAuthIdentAddrStart IpsAuthAddress, ipsAuthIdentAddrStart IpsAuthAddress,
ipsAuthIdentAddrEnd IpsAuthAddress, ipsAuthIdentAddrEnd IpsAuthAddress,
ipsAuthIdentAddrRowStatus RowStatus ipsAuthIdentAddrRowStatus RowStatus
} }
ipsAuthIdentAddrIndex OBJECT-TYPE ipsAuthIdentAddrIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer used to uniquely identify a particular "An arbitrary integer used to uniquely identify a
ipsAuthIdentAddress instance within an ipsAuthIdentity within an particular ipsAuthIdentAddress instance within an
authentication instance present on the node." ipsAuthIdentity within an authentication instance
present on the node."
::= { ipsAuthIdentAddrAttributesEntry 1 } ::= { ipsAuthIdentAddrAttributesEntry 1 }
ipsAuthIdentAddrType OBJECT-TYPE ipsAuthIdentAddrType OBJECT-TYPE
SYNTAX AddressFamilyNumbers SYNTAX AddressFamilyNumbers
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of Address in the ipsAuthIdentAddress start, end, "The type of Address in the ipsAuthIdentAddress
and mask fields. This type is taken from the IANA address start, end, and mask fields. This type is taken
family types; more types may be registered independently from the IANA address family types; more types may
of this MIB." be registered independently of this MIB."
::= { ipsAuthIdentAddrAttributesEntry 2 } ::= { ipsAuthIdentAddrAttributesEntry 2 }
ipsAuthIdentAddrStart OBJECT-TYPE ipsAuthIdentAddrStart OBJECT-TYPE
SYNTAX IpsAuthAddress SYNTAX IpsAuthAddress
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The starting address of the allowed address range." "The starting address of the allowed address range."
::= { ipsAuthIdentAddrAttributesEntry 3 } ::= { ipsAuthIdentAddrAttributesEntry 3 }
ipsAuthIdentAddrEnd OBJECT-TYPE ipsAuthIdentAddrEnd OBJECT-TYPE
SYNTAX IpsAuthAddress SYNTAX IpsAuthAddress
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The ending address of the allowed address range. If the "The ending address of the allowed address range.
ipsAuthIdentAddrEntry specifies a single address, this shall If the ipsAuthIdentAddrEntry specifies a single
match the ipsAuthIdentAddrStart." address, this shall match the ipsAuthIdentAddrStart."
::= { ipsAuthIdentAddrAttributesEntry 4 } ::= { ipsAuthIdentAddrAttributesEntry 4 }
ipsAuthIdentAddrRowStatus OBJECT-TYPE ipsAuthIdentAddrRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This field allows entries to be dynamically added and "This field allows entries to be dynamically added and
removed from this table via SNMP." removed from this table via SNMP."
::= { ipsAuthIdentAddrAttributesEntry 5 } ::= { ipsAuthIdentAddrAttributesEntry 5 }
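Review bot: the ipsAuthIdentAddrType DESCRIPTION refers to "start, end, and mask fields", but IpsAuthIdentAddrAttributesEntry in this hunk has only ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd, and the earlier text says ranges are used in place of network masks. Suggest dropping "and mask" here. The ipsAuthIdentAddrEnd DESCRIPTION also names "ipsAuthIdentAddrEntry", which does not match the defined ipsAuthIdentAddrAttributesEntry.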
skipping to change at page 17, line 21 skipping to change at page 17, line 34
ipsAuthCredIndex Unsigned32, ipsAuthCredIndex Unsigned32,
ipsAuthCredAuthMethod AutonomousType, ipsAuthCredAuthMethod AutonomousType,
ipsAuthCredRowStatus RowStatus ipsAuthCredRowStatus RowStatus
} }
ipsAuthCredIndex OBJECT-TYPE ipsAuthCredIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer used to uniquely identify a particular "An arbitrary integer used to uniquely identify a
iSCSI Credential instance within an iSCSI instance present on the particular iSCSI Credential instance within an
node." iSCSI instance present on the node."
::= { ipsAuthCredentialAttributesEntry 1 } ::= { ipsAuthCredentialAttributesEntry 1 }
ipsAuthCredAuthMethod OBJECT-TYPE ipsAuthCredAuthMethod OBJECT-TYPE
SYNTAX AutonomousType SYNTAX AutonomousType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object contains an OBJECT IDENTIFIER "This object contains an OBJECT IDENTIFIER
which identifies the authentication method which identifies the authentication method
used with this credential. used with this credential.
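Review bot: the ipsAuthCredIndex DESCRIPTION is only rewrapped and still says "iSCSI Credential instance within an iSCSI instance", while -02 changed the ipsAuthInstanceAttributesTable text from "iSCSI instances" to "Authentication instances". For consistency with that rename, this should read along the lines of "credential instance within an authentication instance".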
skipping to change at page 18, line 11 skipping to change at page 18, line 24
ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 7 } ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 7 }
-- Credential Chap-Specific Attributes Table -- Credential Chap-Specific Attributes Table
ipsAuthCredChapAttributesTable OBJECT-TYPE ipsAuthCredChapAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthCredChapAttributesEntry SYNTAX SEQUENCE OF IpsAuthCredChapAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of CHAP attributes for credentials that "A list of CHAP attributes for credentials that
have their ipsAuthCredAuthMethod == ipsAuthMethodChap." use ipsAuthMethodChap as its ipsAuthCredAuthMethod."
::= { ipsAuthCredChap 1 } ::= { ipsAuthCredChap 1 }
ipsAuthCredChapAttributesEntry OBJECT-TYPE ipsAuthCredChapAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthCredChapAttributesEntry SYNTAX IpsAuthCredChapAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing management information "An entry (row) containing management information
applicable to a credential which has the ipsAuthCredAuthMethod applicable to a credential which uses
set to the OID of ipsAuthMethodChap." ipsAuthMethodChap as their ipsAuthCredAuthMethod."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex } INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredChapAttributesTable 1 } ::= { ipsAuthCredChapAttributesTable 1 }
IpsAuthCredChapAttributesEntry ::= SEQUENCE { IpsAuthCredChapAttributesEntry ::= SEQUENCE {
ipsAuthCredChapUserName SnmpAdminString, ipsAuthCredChapUserName SnmpAdminString,
ipsAuthCredChapPassword SnmpAdminString, ipsAuthCredChapPassword SnmpAdminString,
ipsAuthCredChapRowStatus RowStatus ipsAuthCredChapRowStatus RowStatus
} }
ipsAuthCredChapUserName OBJECT-TYPE ipsAuthCredChapUserName OBJECT-TYPE
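Review bot: the pronouns in the two reworded CHAP descriptions are swapped: the table text has "credentials that use ipsAuthMethodChap as its" and the entry text has "a credential which uses ipsAuthMethodChap as their". The SRP and Kerberos descriptions in -02 use "their" for the table and "its" for the entry; the CHAP pair should match.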
skipping to change at page 19, line 20 skipping to change at page 19, line 34
ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 8 } ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 8 }
-- Credential Srp-Specific Attributes Table -- Credential Srp-Specific Attributes Table
ipsAuthCredSrpAttributesTable OBJECT-TYPE ipsAuthCredSrpAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthCredSrpAttributesEntry SYNTAX SEQUENCE OF IpsAuthCredSrpAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of SRP-specific attributes for credentials that "A list of SRP attributes for credentials that
have their ipsAuthCredAuthMethod == ipsAuthMethodSrp." use ipsAuthMethodSrp as their ipsAuthCredAuthMethod."
::= { ipsAuthCredSrp 1 } ::= { ipsAuthCredSrp 1 }
ipsAuthCredSrpAttributesEntry OBJECT-TYPE ipsAuthCredSrpAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthCredSrpAttributesEntry SYNTAX IpsAuthCredSrpAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing management information "An entry (row) containing management information
applicable to a credential which has the ipsAuthCredAuthMethod applicable to a credential which uses
set to the OID of ipsAuthMethodSrp." ipsAuthMethodSrp as its ipsAuthCredAuthMethod."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex } INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredSrpAttributesTable 1 } ::= { ipsAuthCredSrpAttributesTable 1 }
IpsAuthCredSrpAttributesEntry ::= SEQUENCE { IpsAuthCredSrpAttributesEntry ::= SEQUENCE {
ipsAuthCredSrpUserName SnmpAdminString, ipsAuthCredSrpUserName SnmpAdminString,
ipsAuthCredSrpPassword SnmpAdminString, ipsAuthCredSrpPassword SnmpAdminString,
ipsAuthCredSrpRowStatus RowStatus ipsAuthCredSrpRowStatus RowStatus
} }
ipsAuthCredSrpUserName OBJECT-TYPE ipsAuthCredSrpUserName OBJECT-TYPE
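Review bot: ipsAuthCredSrpPassword in IpsAuthCredSrpAttributesEntry is typed SnmpAdminString, which is UTF-8 text limited to 255 octets and meant for human-readable administrative information, not for secret material. SRP (RFC 2945 in the reference list) lets the authenticating side hold a salt and verifier instead of the password. The object's DESCRIPTION should therefore state which of these the column carries, and a plain OCTET STRING with an explicit size would suit a secret better. The same typing question applies to ipsAuthCredChapPassword in the CHAP entry.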
skipping to change at page 20, line 23 skipping to change at page 20, line 36
ipsAuthCredSrpRowStatus OBJECT-TYPE ipsAuthCredSrpRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This field allows entries to be dynamically added and "This field allows entries to be dynamically added and
removed from this table via SNMP." removed from this table via SNMP."
::= { ipsAuthCredSrpAttributesEntry 3 } ::= { ipsAuthCredSrpAttributesEntry 3 }
ipsAuthCredKerberos OBJECT IDENTIFIER ::= { ipsAuthObjects 9 }
-- Credential Kerberos-Specific Attributes Table
ipsAuthCredKerbAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpsAuthCredKerbAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of Kerberos attributes for credentials that
use ipsAuthMethodKerberos as their ipsAuthCredAuthMethod."
::= { ipsAuthCredKerberos 1 }
ipsAuthCredKerbAttributesEntry OBJECT-TYPE
SYNTAX IpsAuthCredKerbAttributesEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (row) containing management information
applicable to a credential which uses
ipsAuthMethodKerberos as its ipsAuthCredAuthMethod."
INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
::= { ipsAuthCredKerbAttributesTable 1 }
IpsAuthCredKerbAttributesEntry ::= SEQUENCE {
ipsAuthCredKerbPrincipal SnmpAdminString,
ipsAuthCredKerbRowStatus RowStatus
}
ipsAuthCredKerbPrincipal OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An octet string containing a Kerberos principal
for this credential."
::= { ipsAuthCredKerbAttributesEntry 1 }
ipsAuthCredKerbRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This field allows entries to be dynamically added and
removed from this table via SNMP."
::= { ipsAuthCredKerbAttributesEntry 2 }
------------------------------------------------------------------------ ------------------------------------------------------------------------
-- Notifications -- Notifications
-- There are no notifications necessary in this MIB. -- There are no notifications necessary in this MIB.
------------------------------------------------------------------------ ------------------------------------------------------------------------
-- Conformance Statements -- Conformance Statements
ipsAuthGroups OBJECT IDENTIFIER ::= { ipsAuthConformance 1 } ipsAuthGroups OBJECT IDENTIFIER ::= { ipsAuthConformance 1 }
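Review bot: the DESCRIPTION of ipsAuthCredKerbPrincipal calls the value "an octet string" although its SYNTAX is SnmpAdminString, and it does not say what form the principal takes. Suggest wording that matches the SYNTAX and states whether the realm is part of the string, so that two managers cannot create rows that are spelled differently but name the same principal.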
skipping to change at page 21, line 29 skipping to change at page 22, line 41
ipsAuthIdentAddrAttributesGroup OBJECT-GROUP ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
OBJECTS { OBJECTS {
ipsAuthIdentAddrType, ipsAuthIdentAddrType,
ipsAuthIdentAddrStart, ipsAuthIdentAddrStart,
ipsAuthIdentAddrEnd, ipsAuthIdentAddrEnd,
ipsAuthIdentAddrRowStatus ipsAuthIdentAddrRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects providing information about "A collection of objects providing information about
address ranges within user identities within an authentication address ranges within user identities within an
instance." authentication instance."
::= { ipsAuthGroups 4 } ::= { ipsAuthGroups 4 }
ipsAuthIdentCredAttributesGroup OBJECT-GROUP ipsAuthIdentCredAttributesGroup OBJECT-GROUP
OBJECTS { OBJECTS {
ipsAuthCredAuthMethod, ipsAuthCredAuthMethod,
ipsAuthCredRowStatus ipsAuthCredRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects providing information about "A collection of objects providing information about
skipping to change at page 22, line 5 skipping to change at page 23, line 17
::= { ipsAuthGroups 5 } ::= { ipsAuthGroups 5 }
ipsAuthIdentChapAttrGroup OBJECT-GROUP ipsAuthIdentChapAttrGroup OBJECT-GROUP
OBJECTS { OBJECTS {
ipsAuthCredChapUserName, ipsAuthCredChapUserName,
ipsAuthCredChapPassword, ipsAuthCredChapPassword,
ipsAuthCredChapRowStatus ipsAuthCredChapRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects providing information about CHAP "A collection of objects providing information about
credentials within user identities within an authentication CHAP credentials within user identities within an
instance." authentication instance."
::= { ipsAuthGroups 6 } ::= { ipsAuthGroups 6 }
ipsAuthIdentSrpAttrGroup OBJECT-GROUP ipsAuthIdentSrpAttrGroup OBJECT-GROUP
OBJECTS { OBJECTS {
ipsAuthCredSrpUserName, ipsAuthCredSrpUserName,
ipsAuthCredSrpPassword, ipsAuthCredSrpPassword,
ipsAuthCredSrpRowStatus ipsAuthCredSrpRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects providing information about SRP "A collection of objects providing information about
credentials within user identities within an authentication SRP credentials within user identities within an
instance." authentication instance."
::= { ipsAuthGroups 7 } ::= { ipsAuthGroups 7 }
ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
OBJECTS {
ipsAuthCredKerbPrincipal,
ipsAuthCredKerbRowStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing information about
Kerberos credentials within user identities within an
authentication instance."
::= { ipsAuthGroups 8 }
------------------------------------------------------------------------ ------------------------------------------------------------------------
ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 2 } ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 2 }
ipsAuthComplianceV1 MODULE-COMPLIANCE ipsAuthComplianceV1 MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Initial version of compliance statement based on "Initial version of compliance statement based on
initial version of MIB. initial version of MIB.
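Review bot: the new group is named ipsAuthIdentKerberosAttrGroup, but the objects it lists use the Kerb abbreviation (ipsAuthCredKerbPrincipal, ipsAuthCredKerbRowStatus), whereas the sibling Chap and Srp groups follow the spelling of their objects. Settle on one spelling before publication. The same mismatch exists between the ipsAuthCredKerberos subtree identifier and ipsAuthCredKerbAttributesTable.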
skipping to change at page 23, line 13 skipping to change at page 24, line 37
GROUP ipsAuthIdentAddrAttributesGroup GROUP ipsAuthIdentAddrAttributesGroup
DESCRIPTION DESCRIPTION
"This group is mandatory for all implementations "This group is mandatory for all implementations
that use addresses to help authenticate identities." that use addresses to help authenticate identities."
GROUP ipsAuthIdentCredAttributesGroup GROUP ipsAuthIdentCredAttributesGroup
DESCRIPTION DESCRIPTION
"This group is mandatory for all implementations "This group is mandatory for all implementations
that use credentials to help authenticate identities." that use credentials to help authenticate identities."
GROUP ipsAuthIdentChapAttrGroup
DESCRIPTION
"This group is mandatory for all implementations
that use CHAP to help authenticate identities.
The ipsAuthIdentCredAttributesGroup must be
implemented if this group is implemented."
GROUP ipsAuthIdentSrpAttrGroup
DESCRIPTION
"This group is mandatory for all implementations
that use SRP to help authenticate identities.
The ipsAuthIdentCredAttributesGroup must be
implemented if this group is implemented."
GROUP ipsAuthIdentKerberosAttrGroup
DESCRIPTION
"This group is mandatory for all implementations
that use Kerberos to help authenticate identities.
The ipsAuthIdentCredAttributesGroup must be
implemented if this group is implemented."
::= { ipsAuthCompliances 1 } ::= { ipsAuthCompliances 1 }
END END
8. Security Considerations 8. Security Considerations
SNMPv1 by itself is not a secure environment. Even if the network SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), even then, there is no itself is secure (for example by using IPSec), even then, there is no
control as to who on the secure network is allowed to access and control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB. GET/SET (read/change/create/delete) the objects in this MIB.
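Review bot: the three added GROUP clauses bring read-create columns (the RowStatus objects and ipsAuthCredKerbPrincipal, as defined earlier in the diff) into ipsAuthComplianceV1, and no OBJECT clause with a MIN-ACCESS refinement accompanies them in the lines shown. An agent that does not accept credential provisioning over SNMP would have to implement SET to claim compliance. Suggest adding OBJECT clauses with MIN-ACCESS read-only for these columns, which also fits the statement in section 8 that write access must always be tightly controlled.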
skipping to change at page 23, line 45 skipping to change at page 25, line 44
Read access to this MIB provides the ability to find out which names, Read access to this MIB provides the ability to find out which names,
addresses, and credentials would be required to access services on addresses, and credentials would be required to access services on
the managed system. If these credentials are easily spoofed the managed system. If these credentials are easily spoofed
(particularly the name or address), read access to the MIB must be (particularly the name or address), read access to the MIB must be
tightly controlled. tightly controlled.
Write access to the MIB provides the ability to set up which Write access to the MIB provides the ability to set up which
credentials may be used to access services on the managed system, to credentials may be used to access services on the managed system, to
remove legitimate credentials (a denial of service), or to remove remove legitimate credentials (a denial of service), or to remove
individual credentials to weaken the requirements for access of a individual credentials to weaken the requirements for access of a
particular service. Write access must always be tightly controlled. particular service. In addition, write access may be used to change
CHAP or SRP passwords to a known value. Write access must always be
tightly controlled.
9. Normative References 9. Normative References
[ISCSI] Satran, J., et. al., "iSCSI", draft-ietf-ips-iSCSI-13, June [RFC2571] D. Harrington, R. Presuhn, and B. Wijnen, "An Architecture
2002.
[RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571, April for Describing SNMP Management Frameworks", RFC 2571, April
1999. 1999.
[RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification [RFC1155] M. Rose and K. McCloghrie, "Structure and Identification of
of Management Information for TCP/IP-based Internets", STD Management Information for TCP/IP-based Internets", STD 16,
16, RFC 1155, May 1990. RFC 1155, May 1990.
[RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD [RFC1212] M. Rose and K. McCloghrie, "Concise MIB Definitions", STD
16, RFC 1212, March 1991. 16, RFC 1212, March 1991.
[RFC1215] M. Rose, "A Convention for Defining Traps for use with the [RFC2578] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
SNMP", RFC 1215, March 1991. Rose, and S. Waldbusser, "Structure of Management
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1999. 1999.
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., [RFC1215] M. Rose, "A Convention for Defining Traps for use with the
Rose, M., and S. Waldbusser, "Textual Conventions for SNMP", RFC 1215, March 1991.
SMIv2", STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., [RFC2579] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
Rose, M., and S. Waldbusser, "Conformance Statements for Rose, and S. Waldbusser, "Textual Conventions for SMIv2",
SMIv2", STD 58, RFC 2580, April 1999. STD 58, RFC 2579, April 1999.
[RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple [RFC2580] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
Rose, and S. Waldbusser, "Conformance Statements for SMIv2",
STD 58, RFC 2580, April 1999.
[RFC1157] J. Case, M. Fedor, M. Schoffstall, and J. Davin, "Simple
Network Management Protocol", STD 15, RFC 1157, May 1990. Network Management Protocol", STD 15, RFC 1157, May 1990.
[RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, [RFC3291] M. Daniele, et. al., "Textual Conventions for Internet
Network Addresses", RFC 3291, May 2002.
[IANA-AF] IANA, "IANA Address Family Numbers MIB",
http://www.iana.org/assignments/ianaaddressfamilynumbers-mib
[RFC1213] K. McCloghrie, M. Rose, "Management Information Base for
Network Management of TCP/IP-based internets:MIB-II", March
1991.
[RFC2011] K. McCloghrie, "SNMPv2 Management Information Base for the
Internet Protocol using SMIv2", November 1996.
[RFC2465] D. Haskin, S. Onishi, "Management Information Base for IP
Version 6: Textual Conventions and General Group", December
1998.
10. Informative References
[RFC1901] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901, January "Introduction to Community-based SNMPv2", RFC 1901, January
1996. 1996.
[RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, [RFC1906] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser,
"Transport Mappings for Version 2 of the Simple Network "Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1906, January 1996. Management Protocol (SNMPv2)", RFC 1906, January 1996.
[RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message [RFC2572] J. Case, D. Harrington, R. Presuhn, and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", RFC 2572, April 1999. Protocol (SNMP)", RFC 2572, April 1999.
[RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model [RFC2574] U. Blumenthal, and B. Wijnen, "User-based Security Model
(USM) for version 3 of the Simple Network Management (USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)", RFC 2574, April 1999. Protocol (SNMPv3)", RFC 2574, April 1999.
[RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, [RFC1905] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser,
"Protocol Operations for Version 2 of the Simple Network "Protocol Operations for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1905, January 1996. Management Protocol (SNMPv2)", RFC 1905, January 1996.
[RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", [RFC2573] D. Levi, P. Meyer, and B. Stewart, "SNMPv3 Applications",
RFC 2573, April 1999. RFC 2573, April 1999.
[RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based [RFC2575] B. Wijnen, R. Presuhn, and K. McCloghrie, "View-based Access
Access Control Model (VACM) for the Simple Network Control Model (VACM) for the Simple Network Management
Management Protocol (SNMP)", RFC 2575, April 1999. Protocol (SNMP)", RFC 2575, April 1999.
[RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC2570] J. Case, R. Mundy, D. Partain, and B. Stewart, "Introduction
"Introduction to Version 3 of the Internet-standard Network to Version 3 of the Internet-standard Network Management
Management Framework", RFC 2570, April 1999. Framework", RFC 2570, April 1999.
[RFC2012] McCloghrie, K., "SNMPv2 Management Information Base for the [RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the
Transmission Control Protocol using SMIv2", RFC 2012, Transmission Control Protocol using SMIv2", RFC 2012,
November 1996. November 1996.
[RFC3291] Daniele, M., et. al., "Textual Conventions for Internet [ISCSI] Satran, J., et. al., "iSCSI", draft-ietf-ips-iSCSI-17,
Network Addresses", draft-ietf-ops-rfc2851-update-06.txt, September 2002.
February 2001
[IANA-AF] IANA, "IANA Address Family Numbers MIB",
http://www.iana.org/assignments/ianaaddressfamilynumbers-mib
[RFC1213] K. McCloghrie, M.T. Rose, "Management Information Base for
Network Management of TCP/IP-based internets:MIB-II", March
1991.
[RFC2011] K. McCloghrie, "SNMPv2 Management Information Base for the
Internet Protocol using SMIv2", November 1996.
[RFC2465] D. Haskin, S. Onishi, "Management Information Base for IP
Version 6: Textual Conventions and General Group", December
1998.
[X.509] ITU-T Recommendation X.509 (1997 E), "Information Technology
- Open Systems Interconnection - The Directory:
Authentication Framework", June 1997.
[FCMGMT] K. McCloghrie, "Fibre Channel Management MIB", draft-ietf-
ips-fcmgmt-mib-01, February 2002.
10. Informative References
[RFC1737] K. Sollins, L. Masinter, "Functional Requirements for [RFC1737] K. Sollins, L. Masinter, "Functional Requirements for
Uniform Resource Names", December 1994. Uniform Resource Names", December 1994.
[RFC1994] W. Simpson, "PPP Challenge Handshake Authentication Protocol [RFC1994] W. Simpson, "PPP Challenge Handshake Authentication Protocol
(CHAP)", August 1996. (CHAP)", August 1996.
[RFC1510] J. Kohl, C. Neuman, "The Kerberos Network Authentication
Service (V5)", September 1993.
[RFC2945] T. Wu, "The SRP Authentication and Key Exchange System", [RFC2945] T. Wu, "The SRP Authentication and Key Exchange System",
September 2000. September 2000.
[FCMGMT] K. McCloghrie, "Fibre Channel Management MIB", draft-ietf-
ips-fcmgmt-mib-01, February 2002.
[X.509] ITU-T Recommendation X.509 (1997 E), "Information Technology
- Open Systems Interconnection - The Directory:
Authentication Framework", June 1997.
11. Authors' Addresses 11. Authors' Addresses
Mark Bakke Mark Bakke
Postal: Cisco Systems, Inc Postal: Cisco Systems, Inc
6450 Wedgwood Road, Suite 130 6450 Wedgwood Road, Suite 130
Maple Grove, MN Maple Grove, MN
USA 55311 USA 55311
Tel: +1 763-398-1000 Tel: +1 763-398-1000
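Review bot: the sentence added to section 8 covers write access to CHAP and SRP passwords, but the read-access paragraph before it is unchanged and still makes tight control conditional on credentials being "easily spoofed (particularly the name or address)". If ipsAuthCredChapPassword and ipsAuthCredSrpPassword can be read (their MAX-ACCESS is not in the lines shown), read access discloses the secrets themselves, and the paragraph should say so without the condition. Separately, in the reference list the entries for RFC1213, RFC2011, RFC2465, RFC1737, RFC1994, RFC1510 and RFC2945 omit the "RFC nnnn" element that the other entries carry.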
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/