SNMP-VACM-AAA-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    MODULE-IDENTITY, OBJECT-TYPE,
    mib-2,
    Unsigned32
        FROM SNMPv2-SMI
    SnmpAdminString,
    SnmpSecurityModel
        FROM SNMP-FRAMEWORK-MIB;

vacmAaaMIB MODULE-IDENTITY
    LAST-UPDATED "201012090000Z"          -- 9 December 2010
    ORGANIZATION "ISMS Working Group"
    CONTACT-INFO "WG-email:   isms@ietf.org"
    DESCRIPTION  "The management and local datastore information
                  definitions for the AAA-Enabled View-based Access
                  Control Model for SNMP.

                  Copyright (c) 2010 IETF Trust and the persons
                  identified as the document authors.  All rights
                  reserved.

                  Redistribution and use in source and binary forms,
                  with or without modification, is permitted pursuant
                  to, and subject to the license terms contained in,
                  the Simplified BSD License set forth in Section 4.c
                  of the IETF Trust's Legal Provisions Relating to
                  IETF Documents
                  (http://trustee.ietf.org/license-info).

                  This version of this MIB module is part of RFC 6065;
                  see the RFC itself for full legal notices."

    REVISION     "201012090000Z"
    DESCRIPTION  "Initial version, published as RFC 6065."

    ::= { mib-2 199 }

vacmAaaMIBObjects     OBJECT IDENTIFIER ::= { vacmAaaMIB 1 }

vacmAaaMIBConformance OBJECT IDENTIFIER ::= { vacmAaaMIB 2 }

vacmAaaSecurityToGroupTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF VacmAaaSecurityToGroupEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION  "This table provides a listing of all currently active
                  sessions for which a mapping of the combination of
                  SnmpSecurityModel and securityName into the name of
                  a VACM group has been provided by an AAA service.
                  The group name (in VACM) in turn identifies an access
                  control policy to be used for the corresponding
                  principals."
    REFERENCE    "RFC 3411, Section 3.2.2, defines securityName."
    ::= { vacmAaaMIBObjects 1 }

vacmAaaSecurityToGroupEntry OBJECT-TYPE
    SYNTAX       VacmAaaSecurityToGroupEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION  "An entry in this table maps the combination of a
                  SnmpSecurityModel and securityName into the name of
                  a VACM group defining the access control policy that
                  is to govern a particular session.

                  Each entry corresponds to a session.

                  Entries do not persist across reboots.

                  An entry is created whenever an indication occurs
                  that a new session has been established that would
                  not have the same index values as an existing entry.

                  When a session is torn down, disconnected, timed out
                  (e.g., following the RADIUS Session-Timeout
                  Attribute), or otherwise terminated for any reason,
                  the corresponding vacmAaaSecurityToGroupEntry is
                  deleted."
    REFERENCE    "RFC 3411, Section 3.2.2, defines securityName."
    INDEX        {
                   vacmAaaSecurityModel,
                   vacmAaaSecurityName,
                   vacmAaaSessionID
                 }
    ::= { vacmAaaSecurityToGroupTable 1 }

VacmAaaSecurityToGroupEntry ::= SEQUENCE
    {
        vacmAaaSecurityModel  SnmpSecurityModel,
        vacmAaaSecurityName   SnmpAdminString,
        vacmAaaSessionID      Unsigned32,
        vacmAaaGroupName      SnmpAdminString
    }

vacmAaaSecurityModel OBJECT-TYPE
    SYNTAX       SnmpSecurityModel(1..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION  "The security model associated with the AAA binding
                  represented by this entry.

                  This object cannot take the 'any' (0) value."
    ::= { vacmAaaSecurityToGroupEntry 1 }

vacmAaaSecurityName OBJECT-TYPE
    SYNTAX       SnmpAdminString (SIZE(1..32))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION  "The securityName of the principal associated with
                  the AAA binding represented by this entry.  In
                  RADIUS environments, this corresponds to the
                  User-Name Attribute."
    REFERENCE    "RFC 3411, Section 3.2.2, defines securityName, and
                  RFC 2865, Section 5.1, defines User-Name."
    ::= { vacmAaaSecurityToGroupEntry 2 }

vacmAaaSessionID OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION  "An implementation-dependent identifier of the
                  session.

                  This value MUST be unique among all currently open
                  sessions of all of this SNMP engine's transport
                  models.  The value has no particular significance
                  other than to distinguish sessions.

                  Implementations in which tmSessionID has a
                  compatible syntax and is unique across all transport
                  models MAY use that value."
    REFERENCE    "The Abstract Service Interface parameter
                  tmSessionID is defined in RFC 5590, Section 5.2.4."
    ::= { vacmAaaSecurityToGroupEntry 3 }

vacmAaaGroupName OBJECT-TYPE
    SYNTAX       SnmpAdminString (SIZE(1..32))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION  "The name of the group to which this entry is to
                  belong.  In RADIUS environments, this comes from the
                  RADIUS Management-Policy-Id Attribute.

                  When the appropriate conditions are met,
                  the value of this object is applied the vacmGroupName
                  in the corresponding vacmSecurityToGroupEntry."
    REFERENCE    "RFC 3415"
    ::= { vacmAaaSecurityToGroupEntry 4 }

-- Conformance information ******************************************

vacmAaaMIBCompliances
               OBJECT IDENTIFIER ::= {vacmAaaMIBConformance 1}

vacmAaaMIBGroups
               OBJECT IDENTIFIER ::= {vacmAaaMIBConformance 2}

-- compliance statements

vacmAaaMIBBasicCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION  "The compliance statement for SNMP engines
                  implementing the AAA-Enabled View-based Access
                  Control Model for SNMP."
    MODULE       -- this module
        MANDATORY-GROUPS { vacmAaaGroup }
    ::= { vacmAaaMIBCompliances 1 }

-- units of conformance

vacmAaaGroup OBJECT-GROUP
    OBJECTS      {
                   vacmAaaGroupName
                 }
    STATUS       current
    DESCRIPTION  "A collection of objects for supporting the use of
                  AAA services to provide user-to-group mappings for
                  VACM."
    ::= { vacmAaaMIBGroups 1 }

END