SNMP-VACM-AAA-MIB DEFINITIONS ::= BEGIN
 
IMPORTS
    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
    MODULE-IDENTITY, OBJECT-TYPE,
    mib-2,
    Unsigned32                            FROM SNMPv2-SMI
    SnmpAdminString,
    SnmpSecurityModel                     FROM SNMP-FRAMEWORK-MIB;
 
-- Module identity for the AAA-Enabled View-based Access Control Model
-- (VACM) MIB.  The module root is registered at { mib-2 199 }, and the
-- only revision recorded here is the initial one, published as RFC 6065.
-- The DESCRIPTION also carries the IETF Trust copyright and licence text.
vacmAaaMIB    MODULE-IDENTITY
    LAST-UPDATED "201012090000Z"          -- 9 December 2010
    ORGANIZATION "ISMS Working Group"
    CONTACT-INFO "WG-email:   isms@ietf.org"
 
    DESCRIPTION  "The management and local datastore information
                  definitions for the AAA-Enabled View-based Access
                  Control Model for SNMP.
 
                  Copyright (c) 2010 IETF Trust and the persons
                  identified as the document authors.  All rights
                  reserved.
 
                  Redistribution and use in source and binary forms,
                  with or without modification, is permitted pursuant
                  to, and subject to the license terms contained in,
                  the Simplified BSD License set forth in Section
                  4.c of the IETF Trust's Legal Provisions Relating
                  to IETF Documents
                  (http://trustee.ietf.org/license-info).
 
                  This version of this MIB module is part of RFC 6065;
                  see the RFC itself for full legal notices."
 
    REVISION "201012090000Z"
    DESCRIPTION "Initial version, published as RFC 6065."
 
     ::= { mib-2 199 }
 
-- Top-level subtrees of the module: branch 1 holds the managed objects
-- (the security-to-group table), branch 2 holds the conformance
-- definitions (compliance statements and object groups).
vacmAaaMIBObjects   OBJECT IDENTIFIER ::= { vacmAaaMIB 1 }
 
vacmAaaMIBConformance OBJECT IDENTIFIER ::= { vacmAaaMIB 2 }
 
-- Conceptual table with one row per currently active session whose
-- (security model, securityName) to VACM group mapping was supplied by
-- an AAA service.  The table object itself is not-accessible; its data
-- is read through the vacmAaaGroupName column.
--
-- Security note: the index values of a row are encoded in the instance
-- OID of vacmAaaGroupName, so anyone who can read or walk that column
-- learns the security model, securityName and session ID of every
-- active AAA-authorized session, together with the access control group
-- each one holds.  Restrict read access to this subtree to
-- administrators through the agent's access control views.
vacmAaaSecurityToGroupTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF VacmAaaSecurityToGroupEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "This table provides a listing of all currently active
                 sessions for which a mapping of the combination of
                 SnmpSecurityModel and securityName into the name of
                 a VACM group has been provided by an AAA service.
                 The group name (in VACM) in turn identifies an access
                 control policy to be used for the corresponding
                 principals."
    REFERENCE   "RFC 3411, Section 3.2.2, defines securityName."
    ::= { vacmAaaMIBObjects 1 }
 
-- Row definition for vacmAaaSecurityToGroupTable.  A row is identified
-- by the triple (vacmAaaSecurityModel, vacmAaaSecurityName,
-- vacmAaaSessionID), so the same principal may appear in several rows,
-- one per session.
--
-- Row lifecycle as stated in the DESCRIPTION: a row is created when a
-- new session is indicated whose index values differ from every
-- existing row, it is deleted when the session ends for any reason, and
-- rows do not persist across reboots.
--
-- NOTE(review): the row lifetime is tied to the session lifetime.  An
-- implementation that misses a teardown or timeout event would keep an
-- AAA-supplied group mapping on record after the session that justified
-- it has ended; verify that every termination path deletes the row.
vacmAaaSecurityToGroupEntry OBJECT-TYPE
    SYNTAX       VacmAaaSecurityToGroupEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An entry in this table maps the combination of a
                 SnmpSecurityModel and securityName into the name
                 of a VACM group defining the access control policy
                 that is to govern a particular session.
 
                 Each entry corresponds to a session.
 
                 Entries do not persist across reboots.
 
                 An entry is created whenever an indication occurs
                 that a new session has been established that would
                 not have the same index values as an existing entry.
 
                 When a session is torn down, disconnected, timed out
                 (e.g., following the RADIUS Session-Timeout Attribute),
                 or otherwise terminated for any reason, the
                 corresponding vacmAaaSecurityToGroupEntry is deleted."
    REFERENCE   "RFC 3411, Section 3.2.2, defines securityName."
    INDEX       {
                  vacmAaaSecurityModel,
                  vacmAaaSecurityName,
                  vacmAaaSessionID
                }
    ::= { vacmAaaSecurityToGroupTable 1 }
 
-- Column layout of one table row.  The first three columns are the
-- index objects of the row; vacmAaaGroupName is the only data column.
VacmAaaSecurityToGroupEntry ::= SEQUENCE
    {
        vacmAaaSecurityModel            SnmpSecurityModel,
        vacmAaaSecurityName             SnmpAdminString,
        vacmAaaSessionID                Unsigned32,
        vacmAaaGroupName                SnmpAdminString
    }
 
-- First index column: the security model of the AAA binding.  The
-- SYNTAX range starts at 1, which excludes the 'any' (0) value, so
-- every row names one specific security model.
vacmAaaSecurityModel OBJECT-TYPE
    SYNTAX       SnmpSecurityModel(1..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The security model associated with the AAA binding
                 represented by this entry.
 
                 This object cannot take the 'any' (0) value."
    ::= { vacmAaaSecurityToGroupEntry 1 }
 
-- Second index column: the securityName of the principal.  The SIZE
-- constraint (1..32) rules out the empty string.  In RADIUS deployments
-- the DESCRIPTION ties this value to the User-Name Attribute.
--
-- Security note: this object is not-accessible, but as an index its
-- value is carried in the instance OID of vacmAaaGroupName, so it is
-- disclosed to any manager allowed to read that column.
vacmAaaSecurityName OBJECT-TYPE
    SYNTAX       SnmpAdminString (SIZE(1..32))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The securityName of the principal associated with the
                 AAA binding represented by this entry.  In RADIUS
                 environments, this corresponds to the User-Name
                 Attribute."
    REFERENCE   "RFC 3411, Section 3.2.2, defines securityName, and
                 RFC 2865, Section 5.1, defines User-Name."
    ::= { vacmAaaSecurityToGroupEntry 2 }
 
-- Third index column: an implementation-chosen session identifier.
-- Its only stated requirement is uniqueness among all currently open
-- sessions across every transport model of this SNMP engine; that
-- uniqueness is what keeps rows for concurrent sessions of the same
-- principal distinct.  tmSessionID may be reused here when it meets the
-- syntax and uniqueness conditions given in the DESCRIPTION.
vacmAaaSessionID OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An implementation-dependent identifier of the session.
 
                 This value MUST be unique among all currently open
                 sessions of all of this SNMP engine's transport models.
                 The value has no particular significance other than to
                 distinguish sessions.
 
                 Implementations in which tmSessionID has a compatible
                 syntax and is unique across all transport models MAY
                 use that value."
    REFERENCE   "The Abstract Service Interface parameter tmSessionID
                 is defined in RFC 5590, Section 5.2.4."
    ::= { vacmAaaSecurityToGroupEntry 3 }
 
 
-- The only accessible column of the table: the VACM group name that the
-- AAA service assigned to the session (in RADIUS deployments, taken
-- from the Management-Policy-Id Attribute).  MAX-ACCESS is read-only,
-- so this module gives a manager no way to set the group over SNMP.
--
-- Security note: the group name selects the access control policy for
-- the session, so it is only as trustworthy as the AAA exchange that
-- delivered it.  NOTE(review): protection of that exchange is outside
-- this module; confirm it in the deployment.
--
-- NOTE(review): "is applied the vacmGroupName" in the DESCRIPTION
-- appears to be missing the word "to" ("is applied to the
-- vacmGroupName").  The string is left unchanged because the module
-- text is stated to be part of RFC 6065.
vacmAaaGroupName    OBJECT-TYPE
    SYNTAX       SnmpAdminString (SIZE(1..32))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The name of the group to which this entry is to belong.
                 In RADIUS environments, this comes from the RADIUS
                 Management-Policy-Id Attribute.
 
                 When the appropriate conditions are met,
                 the value of this object is applied the vacmGroupName
                 in the corresponding vacmSecurityToGroupEntry."
    REFERENCE    "RFC 3415"
    ::= { vacmAaaSecurityToGroupEntry 4 }
 
 
-- Conformance information ******************************************
 
-- Conformance subtree: branch 1 holds compliance statements, branch 2
-- holds the object groups those statements refer to.
vacmAaaMIBCompliances
               OBJECT IDENTIFIER ::= {vacmAaaMIBConformance 1}
vacmAaaMIBGroups
               OBJECT IDENTIFIER ::= {vacmAaaMIBConformance 2}
 
-- compliance statements
 
-- The single compliance statement of this module.  An SNMP engine that
-- claims compliance must implement vacmAaaGroup; no optional groups or
-- object refinements are declared.
vacmAaaMIBBasicCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION "The compliance statement for SNMP engines implementing
                 the AAA-Enabled View-based Access Control Model for
                 SNMP."
    MODULE    -- this module
        MANDATORY-GROUPS { vacmAaaGroup }
 
    ::= { vacmAaaMIBCompliances 1 }
 
-- units of conformance
 
-- The one object group of the module.  It lists only vacmAaaGroupName;
-- the other three columns of the table are not-accessible index objects
-- and are not listed.
vacmAaaGroup OBJECT-GROUP
    OBJECTS {
              vacmAaaGroupName
            }
    STATUS       current
    DESCRIPTION "A collection of objects for supporting the use of AAA
                 services to provide user-to-group mappings for VACM."
    ::= { vacmAaaMIBGroups 1 }
 
END