1 SNMPv2-PARTY-MIB DEFINITIONS ::= BEGIN 2 3 IMPORTS 4 MODULE-IDENTITY, OBJECT-TYPE, snmpModules, 5 UInteger32 6 FROM SNMPv2-SMI 7 TEXTUAL-CONVENTION, RowStatus, TruthValue 8 FROM SNMPv2-TC 9 MODULE-COMPLIANCE, OBJECT-GROUP 10 FROM SNMPv2-CONF; 11 12 partyMIB MODULE-IDENTITY 13 LAST-UPDATED "9304010000Z" 14 ORGANIZATION "IETF SNMP Security Working Group" 15 CONTACT-INFO 16 " Keith McCloghrie 17 18 Postal: Hughes LAN Systems 19 1225 Charleston Road 20 Mountain View, CA 94043 21 US 22 23 Tel: +1 415 966 7934 24 Fax: +1 415 960 3738 25 26 E-mail: kzm@hls.com" 27 DESCRIPTION 28 "The MIB module describing SNMPv2 parties." 29 ::= { snmpModules 3 } 30 31 -- textual conventions 32 33 Party ::= TEXTUAL-CONVENTION 34 STATUS current 35 DESCRIPTION 36 "Denotes a SNMPv2 party identifier. 37 38 Note that agents may impose implementation 39 limitations on the length of OIDs used to identify 40 Parties. As such, management stations creating 41 new parties should be aware that using an 42 excessively long OID may result in the agent 43 refusing to perform the set operation and instead 44 returning the appropriate error response, e.g., 45 noCreation." 46 SYNTAX OBJECT IDENTIFIER 47 48 TAddress ::= TEXTUAL-CONVENTION 49 STATUS current 50 DESCRIPTION 51 "Denotes a transport service address. 52 53 For snmpUDPDomain, a TAddress is 6 octets long, 54 the initial 4 octets containing the IP-address in 55 network-byte order and the last 2 containing the 56 UDP port in network-byte order. Consult [5] for 57 further information on snmpUDPDomain." 58 SYNTAX OCTET STRING 59 60 Clock ::= TEXTUAL-CONVENTION 61 STATUS current 62 DESCRIPTION 63 "A party's authentication clock - a non-negative 64 integer which is incremented as specified/allowed 65 by the party's Authentication Protocol. 66 67 For noAuth, a party's authentication clock is 68 unused and its value is undefined. 69 70 For v2md5AuthProtocol, a party's authentication 71 clock is a relative clock with 1-second 72 granularity." 73 SYNTAX UInteger32 74 75 Context ::= TEXTUAL-CONVENTION 76 STATUS current 77 DESCRIPTION 78 "Denotes a SNMPv2 context identifier. 79 80 Note that agents may impose implementation 81 limitations on the length of OIDs used to identify 82 Contexts. As such, management stations creating new 83 contexts should be aware that using an excessively 84 long OID may result in the agent refusing to 85 perform the set operation and instead returning 86 the appropriate error response, e.g., noCreation." 87 SYNTAX OBJECT IDENTIFIER 88 89 StorageType ::= TEXTUAL-CONVENTION 90 STATUS current 91 DESCRIPTION 92 "Describes the memory realization of a conceptual 93 row. A row which is volatile(2) is lost upon 94 reboot. A row which is nonVolatile(3) is backed 95 up by stable storage. A row which is permanent(4) 96 cannot be changed nor deleted." 97 SYNTAX INTEGER { 98 other(1), -- eh? 99 volatile(2), -- e.g., in RAM 100 nonVolatile(3), -- e.g., in NVRAM 101 permanent(4) -- e.g., in ROM 102 } 103 104 -- administrative assignments 105 106 partyAdmin OBJECT IDENTIFIER ::= { partyMIB 1 } 107 108 -- definitions of security protocols 109 110 partyProtocols OBJECT IDENTIFIER ::= { partyAdmin 1 } 111 112 -- the protocol without authentication 113 noAuth OBJECT IDENTIFIER ::= { partyProtocols 1 } 114 115 -- the protocol without privacy 116 noPriv OBJECT IDENTIFIER ::= { partyProtocols 2 } 117 118 -- the DES Privacy Protocol [4] 119 desPrivProtocol 120 OBJECT IDENTIFIER ::= { partyProtocols 3 } 121 122 -- the MD5 Authentication Protocol [4] 123 v2md5AuthProtocol 124 OBJECT IDENTIFIER ::= { partyProtocols 4 } 125 126 -- definitions of temporal domains 127 128 temporalDomains 129 OBJECT IDENTIFIER ::= { partyAdmin 2 } 130 131 -- this temporal domain refers to management information 132 -- at the current time 133 currentTime OBJECT IDENTIFIER ::= { temporalDomains 1 } 134 135 -- this temporal domain refers to management information 136 -- upon the next re-initialization of the managed device 137 restartTime OBJECT IDENTIFIER ::= { temporalDomains 2 } 138 139 -- the temporal domain { cacheTime N } refers to management 140 -- information that is cached and guaranteed to be at most 141 -- N seconds old 142 cacheTime OBJECT IDENTIFIER ::= { temporalDomains 3 } 143 144 -- Definition of Initial Party and Context Identifiers 145 146 -- When devices are installed, they need to be configured 147 -- with an initial set of SNMPv2 parties and contexts. The 148 -- configuration of SNMPv2 parties and contexts requires (among 149 -- other things) the assignment of several OBJECT IDENTIFIERs. 150 -- Any local network administration can obtain the delegated 151 -- authority necessary to assign its own OBJECT IDENTIFIERs. 152 -- However, to provide for those administrations who have not 153 -- obtained the necessary authority, this document allocates a 154 -- branch of the naming tree for use with the following 155 -- conventions. 156 157 initialPartyId OBJECT IDENTIFIER ::= { partyAdmin 3 } 158 159 initialContextId 160 OBJECT IDENTIFIER ::= { partyAdmin 4 } 161 162 -- Note these are identified as "initial" party and context 163 -- identifiers since these allow secure SNMPv2 communication 164 -- to proceed, thereby allowing further SNMPv2 parties to be 165 -- configured through use of the SNMPv2 itself. 166 167 -- The following definitions identify a party identifier, and 168 -- specify the initial values of various object instances 169 -- indexed by that identifier. In addition, the SNMPv2 170 -- context, access control policy, and MIB view information 171 -- assigned, by convention, are identified. 172 173 -- Party Identifiers for use as initial SNMPv2 parties 174 -- at IP address a.b.c.d 175 176 -- Note that for all OBJECT IDENTIFIERs assigned under 177 -- initialPartyId, the four sub-identifiers immediately 178 -- following initialPartyId represent the four octets of 179 -- an IP address. Initial party identifiers for other address 180 -- families are assigned under a different OBJECT IDENTIFIER, 181 -- as defined elsewhere. 182 183 -- Devices which support SNMPv2 as entities acting in an 184 -- agent role, and accessed via the snmpUDPDomain transport 185 -- domain, are required to be configured with the appropriate 186 -- set of the following as implicit assignments as and when 187 -- they are configured with an IP address. The appropriate 188 -- set is all those applicable to the authentication and 189 -- privacy protocols supported by the device. 190 191 -- a noAuth/noPriv party which executes at the agent 192 -- partyIdentity = { initialPartyId a b c d 1 } 193 -- partyIndex = 1 194 -- partyTDomain = snmpUDPDomain 195 -- partyTAddress = a.b.c.d, 161 196 -- partyLocal = true (in agent's database) 197 -- partyAuthProtocol = noAuth 198 -- partyAuthClock = 0 199 -- partyAuthPrivate = ''H (the empty string) 200 -- partyAuthPublic = ''H (the empty string) 201 -- partyAuthLifetime = 0 202 -- partyPrivProtocol = noPriv 203 -- partyPrivPrivate = ''H (the empty string) 204 -- partyPrivPublic = ''H (the empty string) 205 206 -- a noAuth/noPriv party which executes at a manager 207 -- partyIdentity = { initialPartyId a b c d 2 } 208 -- partyIndex = 2 209 -- partyTDomain = snmpUDPDomain 210 -- partyTAddress = assigned by local administration 211 -- partyLocal = false (in agent's database) 212 -- partyAuthProtocol = noAuth 213 -- partyAuthClock = 0 214 -- partyAuthPrivate = ''H (the empty string) 215 -- partyAuthPublic = ''H (the empty string) 216 -- partyAuthLifetime = 0 217 -- partyPrivProtocol = noPriv 218 -- partyPrivPrivate = ''H (the empty string) 219 -- partyPrivPublic = ''H (the empty string) 220 221 -- a md5Auth/noPriv party which executes at the agent 222 -- partyIdentity = { initialPartyId a b c d 3 } 223 -- partyIndex = 3 224 -- partyTDomain = snmpUDPDomain 225 -- partyTAddress = a.b.c.d, 161 226 -- partyLocal = true (in agent's database) 227 -- partyAuthProtocol = v2md5AuthProtocol 228 -- partyAuthClock = 0 229 -- partyAuthPrivate = assigned by local administration 230 -- partyAuthPublic = ''H (the empty string) 231 -- partyAuthLifetime = 300 232 -- partyPrivProtocol = noPriv 233 -- partyPrivPrivate = ''H (the empty string) 234 -- partyPrivPublic = ''H (the empty string) 235 236 -- a md5Auth/noPriv party which executes at a manager 237 -- partyIdentity = { initialPartyId a b c d 4 } 238 -- partyIndex = 4 239 -- partyTDomain = snmpUDPDomain 240 -- partyTAddress = assigned by local administration 241 -- partyLocal = false (in agent's database) 242 -- partyAuthProtocol = v2md5AuthProtocol 243 -- partyAuthClock = 0 244 -- partyAuthPrivate = assigned by local administration 245 -- partyAuthPublic = ''H (the empty string) 246 -- partyAuthLifetime = 300 247 -- partyPrivProtocol = noPriv 248 -- partyPrivPrivate = ''H (the empty string) 249 -- partyPrivPublic = ''H (the empty string) 250 251 -- a md5Auth/desPriv party which executes at the agent 252 -- partyIdentity = { initialPartyId a b c d 5 } 253 -- partyIndex = 5 254 -- partyTDomain = snmpUDPDomain 255 -- partyTAddress = a.b.c.d, 161 256 -- partyLocal = true (in agent's database) 257 -- partyAuthProtocol = v2md5AuthProtocol 258 -- partyAuthClock = 0 259 -- partyAuthPrivate = assigned by local administration 260 -- partyAuthPublic = ''H (the empty string) 261 -- partyAuthLifetime = 300 262 -- partyPrivProtocol = desPrivProtocol 263 -- partyPrivPrivate = assigned by local administration 264 -- partyPrivPublic = ''H (the empty string) 265 266 -- a md5Auth/desPriv party which executes at a manager 267 -- partyIdentity = { initialPartyId a b c d 6 } 268 -- partyIndex = 6 269 -- partyTDomain = snmpUDPDomain 270 -- partyTAddress = assigned by local administration 271 -- partyLocal = false (in agent's database) 272 -- partyAuthProtocol = v2md5AuthProtocol 273 -- partyAuthClock = 0 274 -- partyAuthPrivate = assigned by local administration 275 -- partyAuthPublic = ''H (the empty string) 276 -- partyAuthLifetime = 300 277 -- partyPrivProtocol = desPrivProtocol 278 -- partyPrivPrivate = assigned by local administration 279 -- partyPrivPublic = ''H (the empty string) 280 281 -- the initial SNMPv2 contexts assigned, by convention, are: 282 283 -- contextIdentity = { initialContextId a b c d 1 } 284 -- contextIndex = 1 285 -- contextLocal = true (in agent's database) 286 -- contextViewIndex = 1 287 -- contextLocalEntity = ''H (the empty string) 288 -- contextLocalTime = currentTime 289 -- contextProxyDstParty = { 0 0 } 290 -- contextProxySrcParty = { 0 0 } 291 -- contextProxyContext = { 0 0 } 292 293 -- contextIdentity = { initialContextId a b c d 2 } 294 -- contextIndex = 2 295 -- contextLocal = true (in agent's database) 296 -- contextViewIndex = 2 297 -- contextLocalEntity = ''H (the empty string) 298 -- contextLocalTime = currentTime 299 -- contextProxyDstParty = { 0 0 } 300 -- contextProxySrcParty = { 0 0 } 301 -- contextProxyContext = { 0 0 } 302 303-- The initial access control policy assigned, by 304-- convention, is: 305 306-- aclTarget = 1 307-- aclSubject = 2 308-- aclResources = 1 309-- aclPrivileges = 35 (Get, Get-Next & Get-Bulk) 310 311-- aclTarget = 2 312-- aclSubject = 1 313-- aclResources = 1 314-- aclPrivileges = 132 (Response & SNMPv2-Trap) 315 316-- aclTarget = 3 317-- aclSubject = 4 318-- aclResources = 2 319-- aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk) 320 321-- aclTarget = 4 322-- aclSubject = 3 323-- aclResources = 2 324-- aclPrivileges = 4 (Response) 325 326-- aclTarget = 5 327-- aclSubject = 6 328-- aclResources = 2 329-- aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk) 330 331-- aclTarget = 6 332-- aclSubject = 5 333-- aclResources = 2 334-- aclPrivileges = 4 (Response) 335 336-- Note that the initial context and access control 337-- information assigned above, by default, to the 338-- md5Auth/desPriv parties are identical to those assigned to 339-- the md5Auth/noPriv parties. However, each administration 340-- may choose to have different authorization policies, 341-- depending on whether privacy is used. 342 343 -- The initial MIB views assigned, by convention, are: 344 345 -- viewIndex = 1 346 -- viewSubtree = system 347 -- viewMask = ''H 348 -- viewType = included 349 350 -- viewIndex = 1 351 -- viewSubtree = snmpStats 352 -- viewMask = ''H 353 -- viewType = included 354 355 -- viewIndex = 1 356 -- viewSubtree = snmpParties 357 -- viewMask = ''H 358 -- viewType = included 359 360 -- viewIndex = 2 361 -- viewSubtree = internet 362 -- viewMask = ''H 363 -- viewType = included 364 365 -- Note that full access to the partyTable, contextTable, 366 -- aclTable, and viewTable gives a manager the ability to 367 -- configure any parties with any/all capabilities (the 368 -- equivalent of "root" access). A lesser manager can be 369 -- given access only to the partyTable so that it can 370 -- maintain its own parties, but not increase/decrease 371 -- their capabilities. Such a lesser manager can also 372 -- create new parties but they are of no use to it. 373 374 -- object assignments 375 376 partyMIBObjects 377 OBJECT IDENTIFIER ::= { partyMIB 2 } 378 379 -- the SNMPv2 party database group 380 381 snmpParties OBJECT IDENTIFIER ::= { partyMIBObjects 1 } 382 383 partyTable OBJECT-TYPE 384 SYNTAX SEQUENCE OF PartyEntry 385 MAX-ACCESS not-accessible 386 STATUS current 387 DESCRIPTION 388 "The SNMPv2 Party database." 389 ::= { snmpParties 1 } 390 391 partyEntry OBJECT-TYPE 392 SYNTAX PartyEntry 393 MAX-ACCESS not-accessible 394 STATUS current 395 DESCRIPTION 396 "Locally held information about a particular 397 SNMPv2 party." 398 INDEX { IMPLIED partyIdentity } 399 ::= { partyTable 1 } 400 401 PartyEntry ::= 402 SEQUENCE { 403 partyIdentity Party, 404 partyIndex INTEGER, 405 partyTDomain OBJECT IDENTIFIER, 406 partyTAddress TAddress, 407 partyMaxMessageSize INTEGER, 408 partyLocal TruthValue, 409 partyAuthProtocol OBJECT IDENTIFIER, 410 partyAuthClock Clock, 411 partyAuthPrivate OCTET STRING, 412 partyAuthPublic OCTET STRING, 413 partyAuthLifetime INTEGER, 414 partyPrivProtocol OBJECT IDENTIFIER, 415 partyPrivPrivate OCTET STRING, 416 partyPrivPublic OCTET STRING, 417 partyCloneFrom Party, 418 partyStorageType StorageType, 419 partyStatus RowStatus 420 } 421 422 partyIdentity OBJECT-TYPE 423 SYNTAX Party 424 MAX-ACCESS not-accessible 425 STATUS current 426 DESCRIPTION 427 "A party identifier uniquely identifying a 428 particular SNMPv2 party." 429 ::= { partyEntry 1 } 430 431 partyIndex OBJECT-TYPE 432 SYNTAX INTEGER (1..65535) 433 MAX-ACCESS read-only 434 STATUS current 435 DESCRIPTION 436 "A unique value for each SNMPv2 party. The value 437 for each SNMPv2 party must remain constant at 438 least from one re-initialization of the entity's 439 network management system to the next re- 440 initialization." 441 ::= { partyEntry 2 } 442 443 partyTDomain OBJECT-TYPE 444 SYNTAX OBJECT IDENTIFIER 445 MAX-ACCESS read-create 446 STATUS current 447 DESCRIPTION 448 "Indicates the kind of transport service by which 449 the party receives network management traffic." 450 DEFVAL { snmpUDPDomain } 451 ::= { partyEntry 3 } 452 453 partyTAddress OBJECT-TYPE 454 SYNTAX TAddress 455 MAX-ACCESS read-create 456 STATUS current 457 DESCRIPTION 458 "The transport service address by which the party 459 receives network management traffic, formatted 460 according to the corresponding value of 461 partyTDomain. For snmpUDPDomain, partyTAddress is 462 formatted as a 4-octet IP Address concatenated 463 with a 2-octet UDP port number." 464 DEFVAL { '000000000000'H } 465 ::= { partyEntry 4 } 466 467 partyMaxMessageSize OBJECT-TYPE 468 SYNTAX INTEGER (484..65507) 469 MAX-ACCESS read-create 470 STATUS current 471 DESCRIPTION 472 "The maximum length in octets of a SNMPv2 message 473 which this party will accept. For parties which 474 execute at an agent, the agent initializes this 475 object to the maximum length supported by the 476 agent, and does not let the object be set to any 477 larger value. For parties which do not execute at 478 the agent, the agent must allow the manager to set 479 this object to any legal value, even if it is 480 larger than the agent can generate." 481 DEFVAL { 484 } 482 ::= { partyEntry 5 } 483 484 partyLocal OBJECT-TYPE 485 SYNTAX TruthValue 486 MAX-ACCESS read-create 487 STATUS current 488 DESCRIPTION 489 "An indication of whether this party executes at 490 this SNMPv2 entity. If this object has a value of 491 true(1), then the SNMPv2 entity will listen for 492 SNMPv2 messages on the partyTAddress associated 493 with this party. If this object has the value 494 false(2), then the SNMPv2 entity will not listen 495 for SNMPv2 messages on the partyTAddress 496 associated with this party." 497 DEFVAL { false } 498 ::= { partyEntry 6 } 499 500 partyAuthProtocol OBJECT-TYPE 501 SYNTAX OBJECT IDENTIFIER 502 MAX-ACCESS read-create 503 STATUS current 504 DESCRIPTION 505 "The authentication protocol by which all messages 506 generated by the party are authenticated as to 507 origin and integrity. The value noAuth signifies 508 that messages generated by the party are not 509 authenticated. 510 511 Once an instance of this object is created, its 512 value can not be changed." 513 DEFVAL { v2md5AuthProtocol } 514 ::= { partyEntry 7 } 515 516 partyAuthClock OBJECT-TYPE 517 SYNTAX Clock 518 MAX-ACCESS read-create 519 STATUS current 520 DESCRIPTION 521 "The authentication clock which represents the 522 local notion of the current time specific to the 523 party. This value must not be decremented unless 524 the party's private authentication key is changed 525 simultaneously." 526 DEFVAL { 0 } 527 ::= { partyEntry 8 } 528 529 partyAuthPrivate OBJECT-TYPE 530 SYNTAX OCTET STRING 531 -- for v2md5AuthProtocol: (SIZE (16)) 532 MAX-ACCESS read-create 533 STATUS current 534 DESCRIPTION 535 "An encoding of the party's private authentication 536 key which may be needed to support the 537 authentication protocol. Although the value of 538 this variable may be altered by a management 539 operation (e.g., a SNMPv2 Set-Request), its value 540 can never be retrieved by a management operation: 541 when read, the value of this variable is the zero 542 length OCTET STRING. 543 544 The private authentication key is NOT directly 545 represented by the value of this variable, but 546 rather it is represented according to an encoding. 547 This encoding is the bitwise exclusive-OR of the 548 old key with the new key, i.e., of the old private 549 authentication key (prior to the alteration) with 550 the new private authentication key (after the 551 alteration). Thus, when processing a received 552 protocol Set operation, the new private 553 authentication key is obtained from the value of 554 this variable as the result of a bitwise 555 exclusive-OR of the variable's value and the old 556 private authentication key. In calculating the 557 exclusive-OR, if the old key is shorter than the 558 new key, zero-valued padding is appended to the 559 old key. If no value for the old key exists, a 560 zero-length OCTET STRING is used in the 561 calculation." 562 DEFVAL { ''H } -- the empty string 563 ::= { partyEntry 9 } 564 565 partyAuthPublic OBJECT-TYPE 566 SYNTAX OCTET STRING 567 -- for v2md5AuthProtocol: (SIZE (0..16)) 568 MAX-ACCESS read-create 569 STATUS current 570 DESCRIPTION 571 "A publically-readable value for the party. 572 573 Depending on the party's authentication protocol, 574 this value may be needed to support the party's 575 authentication protocol. Alternatively, it may be 576 used by a manager during the procedure for 577 altering secret information about a party. (For 578 example, by altering the value of an instance of 579 this object in the same SNMPv2 Set-Request used to 580 update an instance of partyAuthPrivate, a 581 subsequent Get-Request can determine if the Set- 582 Request was successful in the event that no 583 response to the Set-Request is received, see [4].) 584 585 The length of the value is dependent on the 586 party's authentication protocol. If not used by 587 the authentication protocol, it is recommended 588 that agents support values of any length up to and 589 including the length of the corresponding 590 partyAuthPrivate object." 591 DEFVAL { ''H } -- the empty string 592 ::= { partyEntry 10 } 593 594 partyAuthLifetime OBJECT-TYPE 595 SYNTAX INTEGER (0..2147483647) 596 UNITS "seconds" 597 MAX-ACCESS read-create 598 STATUS current 599 DESCRIPTION 600 "The lifetime (in units of seconds) which 601 represents an administrative upper bound on 602 acceptable delivery delay for protocol messages 603 generated by the party. 604 605 Once an instance of this object is created, its 606 value can not be changed." 607 DEFVAL { 300 } 608 ::= { partyEntry 11 } 609 610 partyPrivProtocol OBJECT-TYPE 611 SYNTAX OBJECT IDENTIFIER 612 MAX-ACCESS read-create 613 STATUS current 614 DESCRIPTION 615 "The privacy protocol by which all protocol 616 messages received by the party are protected from 617 disclosure. The value noPriv signifies that 618 messages received by the party are not protected. 619 620 Once an instance of this object is created, its 621 value can not be changed." 622 DEFVAL { noPriv } 623 ::= { partyEntry 12 } 624 625 partyPrivPrivate OBJECT-TYPE 626 SYNTAX OCTET STRING 627 -- for desPrivProtocol: (SIZE (16)) 628 MAX-ACCESS read-create 629 STATUS current 630 DESCRIPTION 631 "An encoding of the party's private encryption key 632 which may be needed to support the privacy 633 protocol. Although the value of this variable may 634 be altered by a management operation (e.g., a 635 SNMPv2 Set-Request), its value can never be 636 retrieved by a management operation: when read, 637 the value of this variable is the zero length 638 OCTET STRING. 639 640 The private encryption key is NOT directly 641 represented by the value of this variable, but 642 rather it is represented according to an encoding. 643 This encoding is the bitwise exclusive-OR of the 644 old key with the new key, i.e., of the old private 645 encryption key (prior to the alteration) with the 646 new private encryption key (after the alteration). 647 Thus, when processing a received protocol Set 648 operation, the new private encryption key is 649 obtained from the value of this variable as the 650 result of a bitwise exclusive-OR of the variable's 651 value and the old private encryption key. In 652 calculating the exclusive-OR, if the old key is 653 shorter than the new key, zero-valued padding is 654 appended to the old key. If no value for the old 655 key exists, a zero-length OCTET STRING is used in 656 the calculation." 657 DEFVAL { ''H } -- the empty string 658 ::= { partyEntry 13 } 659 660 partyPrivPublic OBJECT-TYPE 661 SYNTAX OCTET STRING 662 -- for desPrivProtocol: (SIZE (0..16)) 663 MAX-ACCESS read-create 664 STATUS current 665 DESCRIPTION 666 "A publically-readable value for the party. 667 668 Depending on the party's privacy protocol, this 669 value may be needed to support the party's privacy 670 protocol. Alternatively, it may be used by a 671 manager as a part of its procedure for altering 672 secret information about a party. (For example, 673 by altering the value of an instance of this 674 object in the same SNMPv2 Set-Request used to 675 update an instance of partyPrivPrivate, a 676 subsequent Get-Request can determine if the Set- 677 Request was successful in the event that no 678 response to the Set-Request is received, see [4].) 679 680 The length of the value is dependent on the 681 party's privacy protocol. If not used by the 682 privacy protocol, it is recommended that agents 683 support values of any length up to and including 684 the length of the corresponding partyPrivPrivate 685 object." 686 DEFVAL { ''H } -- the empty string 687 ::= { partyEntry 14 } 688 689 partyCloneFrom OBJECT-TYPE 690 SYNTAX Party 691 MAX-ACCESS read-create 692 STATUS current 693 DESCRIPTION 694 "The identity of a party to clone authentication 695 and privacy parameters from. When read, the value 696 { 0 0 } is returned. 697 698 This value must be written exactly once, when the 699 associated instance of partyStatus either does not 700 exist or has the value `notReady'. When written, 701 the value identifies a party, the cloning party, 702 whose status column has the value `active'. The 703 cloning party is used in two ways. 704 705 One, if instances of the following objects do not 706 exist for the party being created, then they are 707 created with values identical to those of the 708 corresponding objects for the cloning party: 709 710 partyAuthProtocol 711 partyAuthPublic 712 partyAuthLifetime 713 partyPrivProtocol 714 partyPrivPublic 715 716 Two, instances of the following objects are 717 updated using the corresponding values of the 718 cloning party: 719 720 partyAuthPrivate 721 partyPrivPrivate 722 723 (e.g., the value of the cloning party's instance 724 of the partyAuthPrivate object is XOR'd with the 725 value of the partyAuthPrivate instances of the 726 party being created.)" 727 ::= { partyEntry 15 } 728 729 partyStorageType OBJECT-TYPE 730 SYNTAX StorageType 731 MAX-ACCESS read-create 732 STATUS current 733 DESCRIPTION 734 "The storage type for this conceptual row in the 735 partyTable." 736 DEFVAL { nonVolatile } 737 ::= { partyEntry 16 } 738 739 partyStatus OBJECT-TYPE 740 SYNTAX RowStatus 741 MAX-ACCESS read-create 742 STATUS current 743 DESCRIPTION 744 "The status of this conceptual row in the 745 partyTable. 746 747 A party is not qualified for activation until 748 instances of all columns of its partyEntry row 749 have an appropriate value. In particular: 750 751 A value must be written to the Party's 752 partyCloneFrom object. 753 754 If the Party's partyAuthProtocol object has the 755 value md5AuthProtocol, then the corresponding 756 instance of partyAuthPrivate must contain a 757 secret of the appropriate length. Further, at 758 least one management protocol set operation 759 updating the value of the party's 760 partyAuthPrivate object must be successfully 761 processed, before the partyAuthPrivate column is 762 considered appropriately configured. 763 764 If the Party's partyPrivProtocol object has the 765 value desPrivProtocol, then the corresponding 766 instance of partyPrivPrivate must contain a 767 secret of the appropriate length. Further, at 768 least one management protocol set operation 769 updating the value of the party's 770 partyPrivPrivate object must be successfully 771 processed, before the partyPrivPrivate column is 772 considered appropriately configured. 773 774 Until instances of all corresponding columns are 775 appropriately configured, the value of the 776 corresponding instance of the partyStatus column is 777 `notReady'." 778 ::= { partyEntry 17 } 779 780 -- the SNMPv2 contexts database group 781 782 snmpContexts OBJECT IDENTIFIER ::= { partyMIBObjects 2 } 783 784 contextTable OBJECT-TYPE 785 SYNTAX SEQUENCE OF ContextEntry 786 MAX-ACCESS not-accessible 787 STATUS current 788 DESCRIPTION 789 "The SNMPv2 Context database." 790 ::= { snmpContexts 1 } 791 792 contextEntry OBJECT-TYPE 793 SYNTAX ContextEntry 794 MAX-ACCESS not-accessible 795 STATUS current 796 DESCRIPTION 797 "Locally held information about a particular 798 SNMPv2 context." 799 INDEX { IMPLIED contextIdentity } 800 ::= { contextTable 1 } 801 802 ContextEntry ::= 803 SEQUENCE { 804 contextIdentity Context, 805 contextIndex INTEGER, 806 contextLocal TruthValue, 807 contextViewIndex INTEGER, 808 contextLocalEntity OCTET STRING, 809 contextLocalTime OBJECT IDENTIFIER, 810 contextProxyDstParty Party, 811 contextProxySrcParty Party, 812 contextProxyContext OBJECT IDENTIFIER, 813 contextStorageType StorageType, 814 contextStatus RowStatus 815 } 816 817 contextIdentity OBJECT-TYPE 818 SYNTAX Context 819 MAX-ACCESS not-accessible 820 STATUS current 821 DESCRIPTION 822 "A context identifier uniquely identifying a 823 particular SNMPv2 context." 824 ::= { contextEntry 1 } 825 826 contextIndex OBJECT-TYPE 827 SYNTAX INTEGER (1..65535) 828 MAX-ACCESS read-only 829 STATUS current 830 DESCRIPTION 831 "A unique value for each SNMPv2 context. The 832 value for each SNMPv2 context must remain constant 833 at least from one re-initialization of the 834 entity's network management system to the next 835 re-initialization." 836 ::= { contextEntry 2 } 837 838 contextLocal OBJECT-TYPE 839 SYNTAX TruthValue 840 MAX-ACCESS read-create 841 STATUS current 842 DESCRIPTION 843 "An indication of whether this context is realized 844 by this SNMPv2 entity." 845 DEFVAL { true } 846 ::= { contextEntry 3 } 847 848 contextViewIndex OBJECT-TYPE 849 SYNTAX INTEGER (0..65535) 850 MAX-ACCESS read-create 851 STATUS current 852 DESCRIPTION 853 "If the value of an instance of this object is 854 zero, then this corresponding conceptual row in 855 the contextTable refers to a SNMPv2 context which 856 identifies a proxy relationship; the values of the 857 corresponding instances of the 858 contextProxyDstParty, contextProxySrcParty, and 859 contextProxyContext objects provide further 860 information on the proxy relationship. 861 862 Otherwise, if the value of an instance of this 863 object is greater than zero, then this 864 corresponding conceptual row in the contextTable 865 refers to a SNMPv2 context which identifies a MIB 866 view of a locally accessible entity; the value of 867 the instance identifies the particular MIB view 868 which has the same value of viewIndex; and the 869 value of the corresponding instances of the 870 contextLocalEntity and contextLocalTime objects 871 provide further information on the local entity 872 and its temporal domain." 873 ::= { contextEntry 4 } 874 875 contextLocalEntity OBJECT-TYPE 876 SYNTAX OCTET STRING 877 MAX-ACCESS read-create 878 STATUS current 879 DESCRIPTION 880 "If the value of the corresponding instance of the 881 contextViewIndex is greater than zero, then the 882 value of an instance of this object identifies the 883 local entity whose management information is in 884 the SNMPv2 context's MIB view. The empty string 885 indicates that the MIB view contains the SNMPv2 886 entity's own local management information; 887 otherwise, a non-empty string indicates that the 888 MIB view contains management information of some 889 other local entity, e.g., 'Repeater1'." 890 DEFVAL { ''H } -- the empty string 891 ::= { contextEntry 5 } 892 893 contextLocalTime OBJECT-TYPE 894 SYNTAX OBJECT IDENTIFIER 895 MAX-ACCESS read-create 896 STATUS current 897 DESCRIPTION 898 "If the value of the corresponding instance of the 899 contextViewIndex is greater than zero, then the 900 value of an instance of this object identifies the 901 temporal context of the management information in 902 the MIB view." 903 DEFVAL { currentTime } 904 ::= { contextEntry 6 } 905 906 contextProxyDstParty OBJECT-TYPE 907 SYNTAX Party 908 MAX-ACCESS read-create 909 STATUS current 910 DESCRIPTION 911 "If the value of the corresponding instance of the 912 contextViewIndex is equal to zero, then the value 913 of an instance of this object identifies a SNMPv2 914 party which is the proxy destination of a proxy 915 relationship. 916 917 If the value of the corresponding instance of the 918 contextViewIndex is greater than zero, then the 919 value of an instance of this object is { 0 0 }." 920 ::= { contextEntry 7 } 921 922 contextProxySrcParty OBJECT-TYPE 923 SYNTAX Party 924 MAX-ACCESS read-create 925 STATUS current 926 DESCRIPTION 927 "If the value of the corresponding instance of the 928 contextViewIndex is equal to zero, then the value 929 of an instance of this object identifies a SNMPv2 930 party which is the proxy source of a proxy 931 relationship. 932 933 Interpretation of an instance of this object 934 depends upon the value of the transport domain 935 associated with the SNMPv2 party used as the proxy 936 destination in this proxy relationship. 937 938 If the value of the corresponding instance of the 939 contextViewIndex is greater than zero, then the 940 value of an instance of this object is { 0 0 }." 941 ::= { contextEntry 8 } 942 943 contextProxyContext OBJECT-TYPE 944 SYNTAX OBJECT IDENTIFIER 945 MAX-ACCESS read-create 946 STATUS current 947 DESCRIPTION 948 "If the value of the corresponding instance of the 949 contextViewIndex is equal to zero, then the value 950 of an instance of this object identifies the 951 context of a proxy relationship. 952 953 Interpretation of an instance of this object 954 depends upon the value of the transport domain 955 associated with the SNMPv2 party used as the proxy 956 destination in this proxy relationship. 957 958 If the value of the corresponding instance of the 959 contextViewIndex is greater than zero, then the 960 value of an instance of this object is { 0 0 }." 961 ::= { contextEntry 9 } 962 963 contextStorageType OBJECT-TYPE 964 SYNTAX StorageType 965 MAX-ACCESS read-create 966 STATUS current 967 DESCRIPTION 968 "The storage type for this conceptual row in the 969 contextTable." 970 DEFVAL { nonVolatile } 971 ::= { contextEntry 10 } 972 973 contextStatus OBJECT-TYPE 974 SYNTAX RowStatus 975 MAX-ACCESS read-create 976 STATUS current 977 DESCRIPTION 978 "The status of this conceptual row in the 979 contextTable. 980 981 A context is not qualified for activation until 982 instances of all corresponding columns have the 983 appropriate value. In particular, if the 984 context's contextViewIndex is greater than zero, 985 then the viewStatus column of the associated 986 conceptual row(s) in the viewTable must have the 987 value `active'. Until instances of all 988 corresponding columns are appropriately 989 configured, the value of the corresponding 990 instance of the contextStatus column is 991 `notReady'." 992 ::= { contextEntry 11 } 993 994 -- the SNMPv2 access privileges database group 995 996 snmpAccess OBJECT IDENTIFIER ::= { partyMIBObjects 3 } 997 998 aclTable OBJECT-TYPE 999 SYNTAX SEQUENCE OF AclEntry 1000 MAX-ACCESS not-accessible 1001 STATUS current 1002 DESCRIPTION 1003 "The access privileges database." 1004 ::= { snmpAccess 1 } 1005 1006 aclEntry OBJECT-TYPE 1007 SYNTAX AclEntry 1008 MAX-ACCESS not-accessible 1009 STATUS current 1010 DESCRIPTION 1011 "The access privileges for a particular subject 1012 SNMPv2 party when asking a particular target 1013 SNMPv2 party to access a particular SNMPv2 1014 context." 1015 INDEX { aclTarget, aclSubject, aclResources } 1016 ::= { aclTable 1 } 1017 1018 AclEntry ::= 1019 SEQUENCE { 1020 aclTarget INTEGER, 1021 aclSubject INTEGER, 1022 aclResources INTEGER, 1023 aclPrivileges INTEGER, 1024 aclStorageType StorageType, 1025 aclStatus RowStatus 1026 } 1027 1028 aclTarget OBJECT-TYPE 1029 SYNTAX INTEGER (1..65535) 1030 MAX-ACCESS not-accessible 1031 STATUS current 1032 DESCRIPTION 1033 "The value of an instance of this object 1034 identifies a SNMPv2 party which is the target of 1035 an access control policy, and has the same value 1036 as the instance of the partyIndex object for that 1037 party." 1038 ::= { aclEntry 1 } 1039 1040 aclSubject OBJECT-TYPE 1041 SYNTAX INTEGER (1..65535) 1042 MAX-ACCESS not-accessible 1043 STATUS current 1044 DESCRIPTION 1045 "The value of an instance of this object 1046 identifies a SNMPv2 party which is the subject of 1047 an access control policy, and has the same value 1048 as the instance of the partyIndex object for that 1049 SNMPv2 party." 1050 ::= { aclEntry 2 } 1051 1052 aclResources OBJECT-TYPE 1053 SYNTAX INTEGER (1..65535) 1054 MAX-ACCESS not-accessible 1055 STATUS current 1056 DESCRIPTION 1057 "The value of an instance of this object 1058 identifies a SNMPv2 context in an access control 1059 policy, and has the same value as the instance of 1060 the contextIndex object for that SNMPv2 context." 1061 ::= { aclEntry 3 } 1062 1063 aclPrivileges OBJECT-TYPE 1064 SYNTAX INTEGER (0..255) 1065 MAX-ACCESS read-create 1066 STATUS current 1067 DESCRIPTION 1068 "The access privileges which govern what 1069 management operations a particular target party 1070 may perform with respect to a particular SNMPv2 1071 context when requested by a particular subject 1072 party. These privileges are specified as a sum of 1073 values, where each value specifies a SNMPv2 PDU 1074 type by which the subject party may request a 1075 permitted operation. The value for a particular 1076 PDU type is computed as 2 raised to the value of 1077 the ASN.1 context-specific tag for the appropriate 1078 SNMPv2 PDU type. The values (for the tags defined 1079 in [5]) are defined in [3] as: 1080 1081 Get : 1 1082 GetNext : 2 1083 Response : 4 1084 Set : 8 1085 unused : 16 1086 GetBulk : 32 1087 Inform : 64 1088 SNMPv2-Trap : 128 1089 1090 The null set is represented by the value zero." 1091 DEFVAL { 35 } -- Get, Get-Next & Get-Bulk 1092 ::= { aclEntry 4 } 1093 1094 aclStorageType OBJECT-TYPE 1095 SYNTAX StorageType 1096 MAX-ACCESS read-create 1097 STATUS current 1098 DESCRIPTION 1099 "The storage type for this conceptual row in the 1100 aclTable." 1101 DEFVAL { nonVolatile } 1102 ::= { aclEntry 5 } 1103 1104 aclStatus OBJECT-TYPE 1105 SYNTAX RowStatus 1106 MAX-ACCESS read-create 1107 STATUS current 1108 DESCRIPTION 1109 "The status of this conceptual row in the 1110 aclTable." 1111 ::= { aclEntry 6 } 1112 1113 -- the MIB view database group 1114 1115 snmpViews OBJECT IDENTIFIER ::= { partyMIBObjects 4 } 1116 1117 viewTable OBJECT-TYPE 1118 SYNTAX SEQUENCE OF ViewEntry 1119 MAX-ACCESS not-accessible 1120 STATUS current 1121 DESCRIPTION 1122 "Locally held information about the MIB views 1123 known to this SNMPv2 entity. 1124 1125 Each SNMPv2 context which is locally accessible 1126 has a single MIB view which is defined by two 1127 collections of view subtrees: the included view 1128 subtrees, and the excluded view subtrees. Every 1129 such subtree, both included and excluded, is 1130 defined in this table. 1131 1132 To determine if a particular object instance is in 1133 a particular MIB view, compare the object 1134 instance's OBJECT IDENTIFIER with each of the MIB 1135 view's entries in this table. If none match, then 1136 the object instance is not in the MIB view. If 1137 one or more match, then the object instance is 1138 included in, or excluded from, the MIB view 1139 according to the value of viewType in the entry 1140 whose value of viewSubtree has the most sub- 1141 identifiers. If multiple entries match and have 1142 the same number of sub-identifiers, then the 1143 lexicographically greatest instance of viewType 1144 determines the inclusion or exclusion. 1145 1146 An object instance's OBJECT IDENTIFIER X matches 1147 an entry in this table when the number of sub- 1148 identifiers in X is at least as many as in the 1149 value of viewSubtree for the entry, and each sub- 1150 identifier in the value of viewSubtree matches its 1151 corresponding sub-identifier in X. Two sub- 1152 identifiers match either if the corresponding bit 1153 of viewMask is zero (the 'wild card' value), or if 1154 they are equal. 1155 1156 Due to this 'wild card' capability, we introduce 1157 1158 the term, a 'family' of view subtrees, to refer to 1159 the set of subtrees defined by a particular 1160 combination of values of viewSubtree and viewMask. 1161 In the case where no 'wild card' is defined in 1162 viewMask, the family of view subtrees reduces to a 1163 single view subtree." 1164 ::= { snmpViews 1 } 1165 1166 viewEntry OBJECT-TYPE 1167 SYNTAX ViewEntry 1168 MAX-ACCESS not-accessible 1169 STATUS current 1170 DESCRIPTION 1171 "Information on a particular family of view 1172 subtrees included in or excluded from a particular 1173 SNMPv2 context's MIB view. 1174 1175 Implementations must not restrict the number of 1176 families of view subtrees for a given MIB view, 1177 except as dictated by resource constraints on the 1178 overall number of entries in the viewTable." 1179 INDEX { viewIndex, IMPLIED viewSubtree } 1180 ::= { viewTable 1 } 1181 1182 ViewEntry ::= 1183 SEQUENCE { 1184 viewIndex INTEGER, 1185 viewSubtree OBJECT IDENTIFIER, 1186 viewMask OCTET STRING, 1187 viewType INTEGER, 1188 viewStorageType StorageType, 1189 viewStatus RowStatus 1190 } 1191 1192 viewIndex OBJECT-TYPE 1193 SYNTAX INTEGER (1..65535) 1194 MAX-ACCESS not-accessible 1195 STATUS current 1196 DESCRIPTION 1197 "A unique value for each MIB view. The value for 1198 each MIB view must remain constant at least from 1199 one re-initialization of the entity's network 1200 management system to the next re-initialization." 1201 ::= { viewEntry 1 } 1202 1203 viewSubtree OBJECT-TYPE 1204 SYNTAX OBJECT IDENTIFIER 1205 MAX-ACCESS not-accessible 1206 STATUS current 1207 DESCRIPTION 1208 "A MIB subtree." 1209 ::= { viewEntry 2 } 1210 1211 viewMask OBJECT-TYPE 1212 SYNTAX OCTET STRING (SIZE (0..16)) 1213 MAX-ACCESS read-create 1214 STATUS current 1215 DESCRIPTION 1216 "The bit mask which, in combination with the 1217 corresponding instance of viewSubtree, defines a 1218 family of view subtrees. 1219 1220 Each bit of this bit mask corresponds to a sub- 1221 identifier of viewSubtree, with the most 1222 significant bit of the i-th octet of this octet 1223 string value (extended if necessary, see below) 1224 corresponding to the (8*i - 7)-th sub-identifier, 1225 and the least significant bit of the i-th octet of 1226 this octet string corresponding to the (8*i)-th 1227 sub-identifier, where i is in the range 1 through 1228 16. 1229 1230 Each bit of this bit mask specifies whether or not 1231 the corresponding sub-identifiers must match when 1232 determining if an OBJECT IDENTIFIER is in this 1233 family of view subtrees; a '1' indicates that an 1234 exact match must occur; a '0' indicates 'wild 1235 card', i.e., any sub-identifier value matches. 1236 1237 Thus, the OBJECT IDENTIFIER X of an object 1238 instance is contained in a family of view subtrees 1239 if the following criteria are met: 1240 1241 for each sub-identifier of the value of 1242 viewSubtree, either: 1243 1244 the i-th bit of viewMask is 0, or 1245 1246 the i-th sub-identifier of X is equal to 1247 the i-th sub-identifier of the value of 1248 viewSubtree. 1249 1250 If the value of this bit mask is M bits long and 1251 there are more than M sub-identifiers in the 1252 corresponding instance of viewSubtree, then the 1253 bit mask is extended with 1's to be the required 1254 length. 1255 1256 Note that when the value of this object is the 1257 zero-length string, this extension rule results in 1258 a mask of all-1's being used (i.e., no 'wild 1259 card'), and the family of view subtrees is the one 1260 view subtree uniquely identified by the 1261 corresponding instance of viewSubtree." 1262 DEFVAL { ''H } 1263 ::= { viewEntry 3 } 1264 1265 viewType OBJECT-TYPE 1266 SYNTAX INTEGER { 1267 included(1), 1268 excluded(2) 1269 } 1270 MAX-ACCESS read-create 1271 STATUS current 1272 DESCRIPTION 1273 "The status of a particular family of view 1274 subtrees within the particular SNMPv2 context's 1275 MIB view. The value 'included(1)' indicates that 1276 the corresponding instances of viewSubtree and 1277 viewMask define a family of view subtrees included 1278 in the MIB view. The value 'excluded(2)' 1279 indicates that the corresponding instances of 1280 viewSubtree and viewMask define a family of view 1281 subtrees excluded from the MIB view." 1282 DEFVAL { included } 1283 ::= { viewEntry 4 } 1284 1285 viewStorageType OBJECT-TYPE 1286 SYNTAX StorageType 1287 MAX-ACCESS read-create 1288 STATUS current 1289 DESCRIPTION 1290 "The storage type for this conceptual row in the 1291 viewTable." 1292 DEFVAL { nonVolatile } 1293 ::= { viewEntry 5 } 1294 1295 viewStatus OBJECT-TYPE 1296 SYNTAX RowStatus 1297 MAX-ACCESS read-create 1298 STATUS current 1299 DESCRIPTION 1300 "The status of this conceptual row in the 1301 viewTable." 1302 ::= { viewEntry 6 } 1303 1304 -- conformance information 1305 1306 partyMIBConformance 1307 OBJECT IDENTIFIER ::= { partyMIB 3 } 1308 1309 partyMIBCompliances 1310 OBJECT IDENTIFIER ::= { partyMIBConformance 1 } 1311 partyMIBGroups 1312 OBJECT IDENTIFIER ::= { partyMIBConformance 2 } 1313 1314 -- compliance statements 1315 1316 unSecurableCompliance MODULE-COMPLIANCE 1317 STATUS current 1318 DESCRIPTION 1319 "The compliance statement for SNMPv2 entities 1320 which implement the Party MIB, but do not support 1321 any authentication or privacy protocols (i.e., 1322 only the noAuth and noPriv protocols are 1323 supported)." 1324 MODULE -- this module 1325 MANDATORY-GROUPS { partyMIBGroup } 1326 ::= { partyMIBCompliances 1 } 1327 1328 partyNoPrivacyCompliance MODULE-COMPLIANCE 1329 STATUS current 1330 DESCRIPTION 1331 "The compliance statement for SNMPv2 entities 1332 which implement the Party MIB, and support an 1333 authentication protocol, but do not support any 1334 privacy protocols (i.e., only the noAuth, 1335 v2md5AuthProtocol, and noPriv protocols are 1336 supported)." 1337 MODULE -- this module 1338 MANDATORY-GROUPS { partyMIBGroup } 1339 ::= { partyMIBCompliances 2 } 1340 1341 partyPrivacyCompliance MODULE-COMPLIANCE 1342 STATUS current 1343 DESCRIPTION 1344 "The compliance statement for SNMPv2 entities 1345 which implement the Party MIB, support an 1346 authentication protocol, and support a privacy 1347 protocol ONLY for the purpose of accessing 1348 security parameters. 1349 1350 For all aclTable entries authorizing a subject 1351 and/or target SNMPv2 party whose privacy protocol 1352 is desPrivProtocol, to be used in accessing a 1353 SNMPv2 context, the MIB view for that SNMPv2 1354 context shall include only those objects 1355 subordinate to partyMIBObjects, or a subset 1356 thereof, e.g., 1357 viewSubtree = { partyMIBObjects } 1358 viewMask = ''H 1359 viewType = { included } 1360 1361 Any attempt to configure an entry in the 1362 partyTable, the contextTable, the aclTable or the 1363 viewTable such that a party using the 1364 desPrivProtocol would be authorized for use in 1365 accessing objects outside of the partyMIBObjects 1366 subtree shall result in the appropriate error 1367 response (e.g., wrongValue or inconsistentValue)." 1368 MODULE -- this module 1369 MANDATORY-GROUPS { partyMIBGroup } 1370 ::= { partyMIBCompliances 3 } 1371 1372 fullPrivacyCompliance MODULE-COMPLIANCE 1373 STATUS current 1374 DESCRIPTION 1375 "The compliance statement for SNMPv2 entities 1376 which implement the Party MIB, support an 1377 authentication protocol, and support a privacy 1378 protocol without restrictions on its use." 1379 MODULE -- this module 1380 MANDATORY-GROUPS { partyMIBGroup } 1381 ::= { partyMIBCompliances 4 } 1382 1383 -- units of conformance 1384 1385 partyMIBGroup OBJECT-GROUP 1386 OBJECTS { partyIndex, partyTDomain, partyTAddress, 1387 partyMaxMessageSize, partyLocal, 1388 partyAuthProtocol, partyAuthClock, 1389 partyAuthPrivate, partyAuthPublic, 1390 partyAuthLifetime, partyPrivProtocol, 1391 partyPrivPrivate, partyPrivPublic, 1392 partyStorageType, partyStatus, 1393 partyCloneFrom, 1394 contextIndex, contextLocal, 1395 contextViewIndex, contextLocalEntity, 1396 contextLocalTime, contextStorageType, 1397 contextStatus, aclTarget, aclSubject, 1398 aclPrivileges, aclStorageType, aclStatus, 1399 viewMask, viewType, viewStorageType, viewStatus } 1400 STATUS current 1401 DESCRIPTION 1402 "The collection of objects allowing the 1403 description and configuration of SNMPv2 parties. 1404 1405 Note that objects which support proxy 1406 relationships are not included in this conformance 1407 group." 1408 ::= { partyMIBGroups 1 } 1409 1410 END 1411