blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search:
2.2.1. Initial Party and Context Identifiers Connected: An Internet Encyclopedia
2.2.1. Initial Party and Context Identifiers

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1447
Up: 2. Definitions
Up: 2.2. Administrative Assignments
Prev: 2.2. Administrative Assignments
Next: 2.3. Object Assignments

2.2.1. Initial Party and Context Identifiers

2.2.1. Initial Party and Context Identifiers

   -- Definition of Initial Party and Context Identifiers

   -- When devices are installed, they need to be configured
   -- with an initial set of SNMPv2 parties and contexts.  The
   -- configuration of SNMPv2 parties and contexts requires (among
   -- other things) the assignment of several OBJECT IDENTIFIERs.
   -- Any local network administration can obtain the delegated
   -- authority necessary to assign its own OBJECT IDENTIFIERs.
   -- However, to provide for those administrations who have not
   -- obtained the necessary authority, this document allocates a
   -- branch of the naming tree for use with the following
   -- conventions.

   initialPartyId OBJECT IDENTIFIER ::= { partyAdmin 3 }

   initialContextId
                  OBJECT IDENTIFIER ::= { partyAdmin 4 }

   -- Note these are identified as "initial" party and context
   -- identifiers since these allow secure SNMPv2 communication
   -- to proceed, thereby allowing further SNMPv2 parties to be
   -- configured through use of the SNMPv2 itself.

   -- The following definitions identify a party identifier, and
   -- specify the initial values of various object instances
   -- indexed by that identifier.  In addition, the SNMPv2
   -- context, access control policy, and MIB view information
   -- assigned, by convention, are identified.

   -- Party Identifiers for use as initial SNMPv2 parties
   --       at IP address  a.b.c.d

   -- Note that for all OBJECT IDENTIFIERs assigned under
   -- initialPartyId, the four sub-identifiers immediately
   -- following initialPartyId represent the four octets of
   -- an IP address.  Initial party identifiers for other address
   -- families are assigned under a different OBJECT IDENTIFIER,
   -- as defined elsewhere.

   -- Devices which support SNMPv2 as entities acting in an
   -- agent role, and accessed via the snmpUDPDomain transport
   -- domain, are required to be configured with the appropriate
   -- set of the following as implicit assignments as and when
   -- they are configured with an IP address.  The appropriate
   -- set is all those applicable to the authentication and
   -- privacy protocols supported by the device.

   --      a noAuth/noPriv party which executes at the agent
   -- partyIdentity            = { initialPartyId a b c d 1 }
   -- partyIndex               = 1
   -- partyTDomain             = snmpUDPDomain
   -- partyTAddress            = a.b.c.d, 161
   -- partyLocal               = true (in agent's database)
   -- partyAuthProtocol        = noAuth
   -- partyAuthClock           = 0
   -- partyAuthPrivate         = ''H    (the empty string)
   -- partyAuthPublic          = ''H    (the empty string)
   -- partyAuthLifetime        = 0
   -- partyPrivProtocol        = noPriv
   -- partyPrivPrivate         = ''H    (the empty string)
   -- partyPrivPublic          = ''H    (the empty string)

   --      a noAuth/noPriv party which executes at a manager
   -- partyIdentity            = { initialPartyId a b c d 2 }
   -- partyIndex               = 2
   -- partyTDomain             = snmpUDPDomain
   -- partyTAddress            = assigned by local administration
   -- partyLocal               = false (in agent's database)
   -- partyAuthProtocol        = noAuth
   -- partyAuthClock           = 0
   -- partyAuthPrivate         = ''H    (the empty string)
   -- partyAuthPublic          = ''H    (the empty string)
   -- partyAuthLifetime        = 0
   -- partyPrivProtocol        = noPriv
   -- partyPrivPrivate         = ''H    (the empty string)
   -- partyPrivPublic          = ''H    (the empty string)

   --      a md5Auth/noPriv party which executes at the agent
   -- partyIdentity            = { initialPartyId a b c d 3 }
   -- partyIndex               = 3
   -- partyTDomain             = snmpUDPDomain
   -- partyTAddress            = a.b.c.d, 161
   -- partyLocal               = true (in agent's database)
   -- partyAuthProtocol        = v2md5AuthProtocol
   -- partyAuthClock           = 0
   -- partyAuthPrivate         = assigned by local administration
   -- partyAuthPublic          = ''H    (the empty string)
   -- partyAuthLifetime        = 300
   -- partyPrivProtocol        = noPriv
   -- partyPrivPrivate         = ''H    (the empty string)
   -- partyPrivPublic          = ''H    (the empty string)

   --      a md5Auth/noPriv party which executes at a manager
   -- partyIdentity            = { initialPartyId a b c d 4 }
   -- partyIndex               = 4
   -- partyTDomain             = snmpUDPDomain
   -- partyTAddress            = assigned by local administration
   -- partyLocal               = false (in agent's database)
   -- partyAuthProtocol        = v2md5AuthProtocol
   -- partyAuthClock           = 0
   -- partyAuthPrivate         = assigned by local administration
   -- partyAuthPublic          = ''H    (the empty string)
   -- partyAuthLifetime        = 300
   -- partyPrivProtocol        = noPriv
   -- partyPrivPrivate         = ''H    (the empty string)
   -- partyPrivPublic          = ''H    (the empty string)

   --      a md5Auth/desPriv party which executes at the agent
   -- partyIdentity            = { initialPartyId a b c d 5 }
   -- partyIndex               = 5
   -- partyTDomain             = snmpUDPDomain
   -- partyTAddress            = a.b.c.d, 161
   -- partyLocal               = true (in agent's database)
   -- partyAuthProtocol        = v2md5AuthProtocol
   -- partyAuthClock           = 0
   -- partyAuthPrivate         = assigned by local administration
   -- partyAuthPublic          = ''H    (the empty string)
   -- partyAuthLifetime        = 300
   -- partyPrivProtocol        = desPrivProtocol
   -- partyPrivPrivate         = assigned by local administration
   -- partyPrivPublic          = ''H    (the empty string)

   --      a md5Auth/desPriv party which executes at a manager
   -- partyIdentity            = { initialPartyId a b c d 6 }
   -- partyIndex               = 6
   -- partyTDomain             = snmpUDPDomain
   -- partyTAddress            = assigned by local administration
   -- partyLocal               = false (in agent's database)
   -- partyAuthProtocol        = v2md5AuthProtocol
   -- partyAuthClock           = 0
   -- partyAuthPrivate         = assigned by local administration
   -- partyAuthPublic          = ''H    (the empty string)
   -- partyAuthLifetime        = 300
   -- partyPrivProtocol        = desPrivProtocol
   -- partyPrivPrivate         = assigned by local administration
   -- partyPrivPublic          = ''H    (the empty string)

   -- the initial SNMPv2 contexts assigned, by convention, are:

   -- contextIdentity          = { initialContextId a b c d 1 }
   -- contextIndex             = 1
   -- contextLocal             = true (in agent's database)
   -- contextViewIndex         = 1
   -- contextLocalEntity       = ''H    (the empty string)
   -- contextLocalTime         = currentTime
   -- contextProxyDstParty     = { 0 0 }
   -- contextProxySrcParty     = { 0 0 }
   -- contextProxyContext      = { 0 0 }

   -- contextIdentity          = { initialContextId a b c d 2 }
   -- contextIndex             = 2
   -- contextLocal             = true (in agent's database)
   -- contextViewIndex         = 2
   -- contextLocalEntity       = ''H    (the empty string)
   -- contextLocalTime         = currentTime
   -- contextProxyDstParty     = { 0 0 }
   -- contextProxySrcParty     = { 0 0 }
   -- contextProxyContext      = { 0 0 }

-- The initial access control policy assigned, by
-- convention, is:

-- aclTarget                =   1
-- aclSubject               =   2
-- aclResources             =   1
-- aclPrivileges            =  35 (Get, Get-Next & Get-Bulk)

-- aclTarget                =   2
-- aclSubject               =   1
-- aclResources             =   1
-- aclPrivileges            = 132 (Response & SNMPv2-Trap)

-- aclTarget                =   3
-- aclSubject               =   4
-- aclResources             =   2
-- aclPrivileges            =  43 (Get, Get-Next, Set & Get-Bulk)

-- aclTarget                =   4
-- aclSubject               =   3
-- aclResources             =   2
-- aclPrivileges            =   4 (Response)

-- aclTarget                =   5
-- aclSubject               =   6
-- aclResources             =   2
-- aclPrivileges            =  43 (Get, Get-Next, Set & Get-Bulk)

-- aclTarget                =   6
-- aclSubject               =   5
-- aclResources             =   2
-- aclPrivileges            =   4 (Response)

-- Note that the initial context and access control
-- information assigned above, by default, to the
-- md5Auth/desPriv parties are identical to those assigned to
-- the md5Auth/noPriv parties.  However, each administration
-- may choose to have different authorization policies,
-- depending on whether privacy is used.

   -- The initial MIB views assigned, by convention, are:

   -- viewIndex                = 1
   -- viewSubtree              = system
   -- viewMask                 = ''H
   -- viewType                 = included

   -- viewIndex                = 1
   -- viewSubtree              = snmpStats
   -- viewMask                 = ''H
   -- viewType                 = included

   -- viewIndex                = 1
   -- viewSubtree              = snmpParties
   -- viewMask                 = ''H
   -- viewType                 = included

   -- viewIndex                = 2
   -- viewSubtree              = internet
   -- viewMask                 = ''H
   -- viewType                 = included

   -- Note that full access to the partyTable, contextTable,
   -- aclTable, and viewTable gives a manager the ability to
   -- configure any parties with any/all capabilities (the
   -- equivalent of "root" access).  A lesser manager can be
   -- given access only to the partyTable so that it can
   -- maintain its own parties, but not increase/decrease
   -- their capabilities.  Such a lesser manager can also
   -- create new parties but they are of no use to it.


Next: 2.3. Object Assignments

Connected: An Internet Encyclopedia
2.2.1. Initial Party and Context Identifiers

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609