Network Working Group                                           M. Bakke
Request for Comments: 4545                                 Cisco Systems
Category: Standards Track                                      J. Muchow
                                                            Qlogic Corp.
                                                                May 2006
        

Definitions of Managed Objects for IP Storage User Identity Authorization

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for managing user identities and the names, addresses, and credentials required to manage access control, for use with various protocols. This document was motivated by the need for the configuration of authorized user identities for the iSCSI protocol, but has been extended to be useful for other protocols that have similar requirements. It is important to note that this MIB module provides only the set of identities to be used within access lists; it is the responsibility of other MIB modules making use of this one to tie them to their own access lists or other authorization control methods.

Table of Contents

   1. Introduction
   2. Specification of Requirements
   3. The Internet-Standard Management Framework
   4. Relationship to Other MIB Modules
   5. Relationship to the USM MIB Module
   6. Relationship to SNMP Contexts
   7. Discussion
      7.1. Authorization MIB Object Model
      7.2. ipsAuthInstance
      7.3. ipsAuthIdentity
      7.4. ipsAuthIdentityName
      7.5. ipsAuthIdentityAddress
      7.6. ipsAuthCredential
      7.7. IP, Fibre Channel, and Other Addresses
      7.8. Descriptors: Using OIDs in Place of Enumerated Types
      7.9. Notifications
   8. MIB Definitions
   9. Security Considerations
      9.1. MIB Security Considerations
      9.2. Other Security Considerations
   10. IANA Considerations
   11. Normative References
   12. Informative References
   13. Acknowledgements
        
1. Introduction

This MIB module will be used to configure and/or look at the configuration of user identities and their credential information. For the purposes of this MIB module, a "user" identity does not need to be an actual person; a user can also be a host, an application, a cluster of hosts, or any other identifiable entity that can be authorized to access a resource.

Most objects in this MIB module have a MAX-ACCESS of read-create; this module is intended to allow configuration of user identities and their names, addresses, and credentials. MIN-ACCESS for all objects is read-only for those implementations that configure through other means, but require the ability to monitor user identities.

2. Specification of Requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

3. The Internet-Standard Management Framework

For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].

Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].

4. Relationship to Other MIB Modules

The IPS-AUTH-MIB module does not directly address objects within other modules. The identity address objects contain IPv4, IPv6, or other address types, and as such they may be indirectly related to objects within the IP [RFC4293] MIB module.

This MIB module does not provide actual authorization or access control lists; it provides a means to identify entities that can be included in other authorization lists. This should generally be done in MIB modules that reference identities in this one. It also does not cover login or authentication failure statistics or notifications, as these are all fairly application specific and are not generic enough to be included here.

The user identity objects within this module are typically referenced from other modules by a RowPointer within that module. A module containing resources for which it requires a list of authorized user identities may create such a list, with a single RowPointer within each list element pointing to a user identity within this module. This is neither required nor restricted by this MIB module.

5. Relationship to the USM MIB Module

The User-based Security Model (USM) [RFC3414] also defines the concept of a user, defining authentication and privacy protocols and their credentials. The definition of USM includes the SNMP-USER-BASED-SM-MIB module, which allows configuration of SNMPv3 user credentials to protect SNMPv3 messages. Although USM's users are not related to the user identities managed by the IPS-AUTH-MIB module defined in this document, USM will often be implemented on the same system as the IPS-AUTH-MIB module, with the SNMP-USER-BASED-SM-MIB module used to manage the security protecting SNMPv3 messages, including those that access the IPS-AUTH-MIB module.

The term "user" in this document is distinct from an SNMPv3 user and is intended to include, but is not limited to, users of IP storage devices. A "user" in this document is a collection of user names (unique identifiers), user addresses, and credentials that can be used together to determine whether an entity should be allowed access to a resource. Each user can have multiple names, addresses, and credentials. As a result, this MIB module is particularly suited to managing users of storage resources, which are typically given access control lists consisting of potentially multiple identifiers, addresses, and credentials. This MIB module provides for authorization lists only and does not include setting of data privacy parameters.

In contrast, an SNMPv3 user as defined in [RFC3414] has exactly one user-name, one authentication protocol, and one privacy protocol, along with their associated information and SNMP-specific information, such as an engine ID. These objects are defined to support exactly the information needed for SNMPv3 security.

For the remainder of this document, the term "user" means an IPS-AUTH-MIB user identity.

6. Relationship to SNMP Contexts

Each non-scalar object in the IPS-AUTH-MIB module is indexed first by an instance. Each instance is a collection of identities that can be used to authorize access to a resource. The use of an instance works well with partitionable or hierarchical devices and fits in logically with other management schemes. Instances do not replace SNMP contexts; however, they do provide a very simple way to assign a collection of identities within a device to one or more SNMP contexts, without having to do so for each identity's row.

7. Discussion

This MIB module structure is intended to allow the configuration of a list of user identities, each with a list of names, addresses, credentials, and certificates that, when combined, will distinguish that identity.

The IPS-AUTH-MIB module is structured around two primary "objects", the authorization instance and the identity, which serve as containers for the remainder of the objects. This section contains a brief description of the "object" hierarchy and a description of each object, followed by a discussion of the actual SNMP table structure within the objects.

7.1. Authorization MIB Object Model

The top-level object in this structure is the authorization instance, which "contains" all of the other objects. The indexing hierarchy of this module looks like:

   ipsAuthInstance
      -- A distinct authorization entity within the managed system.
      -- Most implementations will have just one of these.
      ipsAuthIdentity
         -- A user identity, consisting of a set of identity names,
         -- addresses, and credentials reflected in the following
         -- objects:
         ipsAuthIdentityName
            -- A name for a user identity.  A name should be globally
            -- unique, and unchanging over time.  Some protocols may
            -- not require this one.
         ipsAuthIdentityAddress
            -- An address range, typically but not necessarily an
            -- IPv4, IPv6, or Fibre Channel address range, at which
            -- the identity is allowed to reside.
         ipsAuthCredential
            -- A single credential, such as a CHAP username,
            -- which can be used to verify the identity.
            ipsAuthCredChap
               -- CHAP-specific attributes for an ipsAuthCredential
            ipsAuthCredSrp
               -- SRP-specific attributes
            ipsAuthCredKerberos
               -- Kerberos-specific attributes

Each identity contains the information necessary to identify a particular end-point that wishes to access a service, such as iSCSI.

An identity can contain multiple names, addresses, and credentials. Each of these names, addresses, and credentials exists in its own row. If multiple rows of one of these three types are present, they are treated in an "OR" fashion; an entity to be authorized need only match one of the rows. If rows of different types are present (e.g., a name and an address), these are treated in an "AND" fashion; an entity to be authorized must match at least one row from each category. If there are no rows present of a category, this category is ignored.

For example, if an ipsAuthIdentity contains two rows of ipsAuthIdentityAddress, one row of ipsAuthCredential, and no rows of ipsAuthIdentityName, an entity must match the Credential row and at least one of the two Address rows to match the identity.

Index values such as ipsAuthInstIndex and ipsAuthIdentIndex are referenced in multiple tables, and rows can be added and deleted. An implementation should therefore attempt to keep all index values persistent across reboots; index values for rows that have been deleted must not be reused before a reboot.

7.2. ipsAuthInstance

The ipsAuthInstanceAttributesTable is the primary table of the IPS-AUTH-MIB module. Every other table entry in this module includes the index of an ipsAuthInstanceAttributesEntry as its primary index. An authorization instance is basically a managed set of identities.

Many implementations will include just one authorization instance row in this table. However, there will be cases where multiple rows in this table may be used:

- A large system may be "partitioned" into multiple, distinct virtual systems, perhaps sharing the SNMP agent but not their lists of identities. Each virtual system would have its own authorization instance.

- A set of stackable systems, each with its own set of identities, may be represented by a common SNMP agent. Each individual system would have its own authorization instance.

- Multiple protocols, each with its own set of identities, may exist within a single system and be represented by a single SNMP agent. In this case, each protocol may have its own authorization instance.

An entry in this table is often referenced by its name (ipsAuthInstDescr), which should be displayed to the user by the management station. When an implementation supports only one entry in this table, the description may be returned as a zero-length string.

7.3. ipsAuthIdentity

The ipsAuthIdentAttributesTable contains one entry for each configured user identity. The identity contains only a description of what the identity is used for; its attributes are all contained in other tables, since they can each have multiple values.

Other MIB modules containing lists of users authorized to access a particular resource should generally contain a RowPointer to the ipsAuthIdentAttributesEntry that will, if authenticated, be allowed access to the resource.

All other table entries make use of the indices to this table as their primary indices.

7.4. ipsAuthIdentityName

The ipsAuthIdentNameAttributesTable contains a list of UTF-8 names, each of which belongs to, and may be used to identify, a particular identity in the authIdentity table.

Implementations making use of the IPS-AUTH-MIB module may identify their resources by names, addresses, or both. A name is typically a unique (within the required scope), unchanging identifier for a resource. It will normally meet some or all of the requirements for a Uniform Resource Name [RFC1737], although a name in the context of this MIB module does not need to be a URN. Identifiers that typically change over time should generally be placed into the ipsAuthIdentityAddress table; names that have no uniqueness properties should usually be placed into the description attribute for the identity.

An example of an identity name is the iSCSI Name, defined in [RFC3720]. Any other MIB module defining names to be used as ipsAuthIdentityName objects should specify how its names are unique, and the domain within which they are unique.

If this table contains no entries associated with a particular user identity, the implementation does not need to check any name parameters when verifying that identity. If the table contains multiple entries associated with a particular user identity, the implementation should consider a match with any one of these entries to be valid.

7.5. ipsAuthIdentityAddress

The ipsAuthIdentAddrAttributesTable contains a list of addresses at which the identity may reside. For example, an identity may be allowed access to a resource only from a certain IP address, or only if its address is in a certain range or set of ranges.

Each entry contains a starting and ending address. If a single address is desired in the list, both starting and ending addresses must be identical.

Each entry contains an AddrType attribute. This attribute contains an enumeration registered as an IANA Address Family type [IANA-AF]. Although many implementations will use IPv4 or IPv6 address types for these entries, any IANA-registered type may be used, as long as it makes sense to the application.

Matching any address within any range within the list associated with a particular identity is considered a valid match. If no entries are present in this list for a given identity, its address is automatically assumed to match the identity.

Netmasks are not supported, since an address range can express the same thing with more flexibility. An application specifying addresses using network masks may do so, and convert to and from address ranges when reading or writing this MIB module.
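
The matching rules from Section 7.1 (OR within a category, AND across categories, empty categories ignored) together with the start/end address ranges described above, as an added Python example that is not part of RFC 4545. The class and function names, the string labels used for authentication methods, and all sample rows are assumptions made for illustration; the credential passed to `matches()` is assumed to have already been verified by the authentication protocol.

```python
import ipaddress
from dataclasses import dataclass, field

# AddressFamilyNumbers values named in the IpsAuthAddress TC.
IPV4, IPV6 = 1, 2


def _packed(text):
    """Return (address family, network-order octets) for a textual IP."""
    ip = ipaddress.ip_address(text)
    return (IPV4 if ip.version == 4 else IPV6), ip.packed


@dataclass(frozen=True)
class AddrRange:
    """Hypothetical model of one ipsAuthIdentityAddress row."""
    addr_type: int
    start: bytes
    end: bytes

    def contains(self, addr_type, octets):
        # Family and length must agree; equal-length big-endian octet
        # strings sort in the same order as the numbers they encode.
        return (addr_type == self.addr_type
                and len(octets) == len(self.start) == len(self.end)
                and self.start <= octets <= self.end)


def single_address(text):
    """A single address is a range whose start and end are identical."""
    fam, octets = _packed(text)
    return AddrRange(fam, octets, octets)


def range_from_cidr(cidr):
    """Convert prefix/netmask notation to the start/end pair the MIB stores."""
    net = ipaddress.ip_network(cidr, strict=False)
    fam = IPV4 if net.version == 4 else IPV6
    return AddrRange(fam, net.network_address.packed,
                     net.broadcast_address.packed)


@dataclass
class Identity:
    """Hypothetical model of one ipsAuthIdentity and its child rows."""
    descr: str
    names: list = field(default_factory=list)
    addresses: list = field(default_factory=list)
    credentials: list = field(default_factory=list)  # (method, username)


def matches(identity, name, addr_text, credential):
    """OR within a category, AND across categories, empty category ignored.

    `credential` is the (method, username) pair the authentication
    protocol has already verified (assumption of this example).
    """
    fam, octets = _packed(addr_text)
    name_ok = not identity.names or name in identity.names
    addr_ok = (not identity.addresses
               or any(r.contains(fam, octets) for r in identity.addresses))
    cred_ok = not identity.credentials or credential in identity.credentials
    return name_ok and addr_ok and cred_ok


def ignored_categories(identity):
    """Audit helper: categories with no rows place no constraint at all."""
    rows = (("name", identity.names), ("address", identity.addresses),
            ("credential", identity.credentials))
    return [label for label, present in rows if not present]


# Constructed sample mirroring the example in Section 7.1: two address rows,
# one credential row, no name rows.
BACKUP = Identity(
    descr="backup host",
    addresses=[range_from_cidr("192.0.2.0/28"), single_address("2001:db8::10")],
    credentials=[("chap", "backup01")],
)

if __name__ == "__main__":
    peer = "iqn.2006-05.example:host1"  # constructed iSCSI-style name
    for addr, cred in [("192.0.2.5", ("chap", "backup01")),
                       ("192.0.2.16", ("chap", "backup01")),
                       ("192.0.2.5", ("chap", "other"))]:
        print(addr, cred, matches(BACKUP, peer, addr, cred))
    print("unconstrained:", ignored_categories(BACKUP))
```

An identity for which `ignored_categories()` returns all three labels matches every entity, so it is worth flagging before another MIB module points a RowPointer at it.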

7.6. ipsAuthCredential

The ipsAuthCredentialAttributesTable contains a list of credentials, each of which may be used to verify a particular identity.

Each credential contains an authentication method to be used, such as CHAP [RFC1994], SRP [RFC2945], or Kerberos [RFC4120]. This attribute contains an object identifier instead of an enumerated type, allowing other MIB modules to add their own authentication methods, without modifying this MIB module.

For each entry in this table, there will exist an entry in another table containing its attributes. The table in which to place the entry depends on the AuthMethod attribute:

CHAP: If the AuthMethod is set to the CHAP OID, an entry using the same indices as the ipsAuthCredential will exist in the ipsAuthCredChap table, which contains the CHAP username.

SRP: If the AuthMethod is set to the SRP OID, an entry using the same indices as the ipsAuthCredential will exist in the ipsAuthCredSrp table, which contains the SRP username.

Kerberos: If the AuthMethod is set to the Kerberos OID, an entry using the same indices as the ipsAuthCredential will exist in the ipsAuthCredKerberos table, which contains the Kerberos principal.

Other: If the AuthMethod is set to any OID not defined in this module, an entry using the same indices as the ipsAuthCredential entry should be placed in the other module that defines whatever attributes are needed for that type of credential.

An additional credential type can be added to this MIB module by defining a new OID in the ipsAuthMethodTypes subtree, and defining a new table specific to that credential type.

7.7. IP, Fibre Channel, and Other Addresses

The IP addresses in this MIB module are represented by two attributes, one of type AddressFamilyNumbers, and the other of type AuthAddress. Each address can take on any of the types within the list of address family numbers; the most likely being IPv4, IPv6, or one of the Fibre Channel address types.

The type AuthAddress is an octet string. If the address family is IPv4 or IPv6, the format is taken from the InetAddress specified in [RFC4001]. If the address family is one of the Fibre Channel types, the format is identical to the FcNameIdOrZero type defined in [RFC4044].

7.8. Descriptors: Using OIDs in Place of Enumerated Types

Some attributes, particularly the authentication method attribute, would normally require an enumerated type. However, implementations will likely need to add new authentication method types of their own, without extending this MIB module. To make this work, this module defines a set of object identities within ipsAuthDescriptors. Each of these object identities is basically an enumerated type.

Attributes that make use of these object identities have a value that is an OID instead of an enumerated type. These OIDs can either indicate the object identities defined in this module, or object identities defined elsewhere, such as in an enterprise MIB module. Those implementations that add their own authentication methods should also define a corresponding object identity for each of these methods within their own enterprise MIB module, and return its OID whenever one of these attributes is using that method.

7.9. Notifications

Monitoring of authentication failures and other notification events is outside the scope of this MIB module, as these are generally application specific. No notifications are provided or required.

8. MIB Definitions

   IPS-AUTH-MIB DEFINITIONS  ::= BEGIN

       IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32,
       mib-2
       FROM SNMPv2-SMI

       TEXTUAL-CONVENTION, RowStatus, AutonomousType, StorageType
       FROM SNMPv2-TC

       MODULE-COMPLIANCE, OBJECT-GROUP
       FROM SNMPv2-CONF

       SnmpAdminString
       FROM SNMP-FRAMEWORK-MIB -- RFC 3411

       AddressFamilyNumbers
       FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB
       ;

   ipsAuthMibModule MODULE-IDENTITY
       LAST-UPDATED  "200605220000Z" -- May 22, 2006
       ORGANIZATION  "IETF IPS Working Group"
       CONTACT-INFO
       "
       Mark Bakke
       Postal: Cisco Systems, Inc
       7900 International Drive, Suite 400
       Bloomington, MN
       USA 55425

       E-mail: mbakke@cisco.com

       James Muchow
       Postal: Qlogic Corp.
       6321 Bury Dr.
       Eden Prairie, MN
       USA 55346

       E-Mail: james.muchow@qlogic.com"

       DESCRIPTION
           "The IP Storage Authorization MIB module.
           Copyright (C) The Internet Society (2006).  This version of
           this MIB module is part of RFC 4545; see the RFC itself for
           full legal notices."

       REVISION "200605220000Z" -- May 22, 2006
       DESCRIPTION
           "Initial version of the IP Storage Authentication MIB module,
           published as RFC 4545"

   ::= { mib-2 141 }
        
   ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthMibModule 0 }
   ipsAuthObjects       OBJECT IDENTIFIER ::= { ipsAuthMibModule 1 }
   ipsAuthConformance   OBJECT IDENTIFIER ::= { ipsAuthMibModule 2 }
        

-- Textual Conventions

   IpsAuthAddress ::= TEXTUAL-CONVENTION
       STATUS        current
       DESCRIPTION
           "IP Storage requires the use of address information
           that uses not only the InetAddress type defined in the
           INET-ADDRESS-MIB, but also Fibre Channel type defined
           in the Fibre Channel Management MIB.  Although these
           address types are recognized in the IANA Address Family
           Numbers MIB, the addressing mechanisms have not been
           merged into a well-known, common type.  This data type,
           the IpsAuthAddress, performs the merging for this MIB
           module.
        
           The formats of objects of this type are determined by a
           corresponding object with syntax AddressFamilyNumbers, and
           thus every object defined using this TC must identify the
           object with syntax AddressFamilyNumbers that specifies its
           type.

           The syntax and semantics of this object depend on the
           identified AddressFamilyNumbers object as follows:

           AddressFamilyNumbers   this object
           ====================   ===========
           ipV4(1)                restricted to the same syntax and
                                  semantics as the InetAddressIPv4 TC.

           ipV6(2)                restricted to the same syntax and
                                  semantics as the InetAddressIPv6 TC.

           fibreChannelWWPN (22)
           & fibreChannelWWNN(23) restricted to the same syntax and
                                  semantics as the FcNameIdOrZero TC.

           Types other than the above should not be used unless
           the corresponding format of the IpsAuthAddress object is
           further specified (e.g., in a future revision of this TC)."
       REFERENCE
           "IANA-ADDRESS-FAMILY-NUMBERS-MIB;
            INET-ADDRESS-MIB (RFC 4001);
            FC-MGMT-MIB (RFC 4044)."
       SYNTAX        OCTET STRING (SIZE(0..255))
        
           the corresponding format of the IpsAuthAddress object is
           further specified (e.g., in a future revision of this TC)."
       REFERENCE
           "IANA-ADDRESS-FAMILY-NUMBERS-MIB;
            INET-ADDRESS-MIB (RFC 4001);
            FC-MGMT-MIB (RFC 4044)."
       SYNTAX        OCTET STRING (SIZE(0..255))
        
   --******************************************************************
        
   ipsAuthDescriptors OBJECT IDENTIFIER ::= { ipsAuthObjects 1 }
        
   ipsAuthMethodTypes OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "Registration point for Authentication Method Types."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthDescriptors 1 }
        
   ipsAuthMethodNone OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when no authentication
           method is used."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 1 }
        
   ipsAuthMethodSrp OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when the authentication
           method is SRP."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 2 }
        
   ipsAuthMethodChap OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when the authentication
           method is CHAP."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 3 }
        

   ipsAuthMethodKerberos OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when the authentication
           method is Kerberos."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 4 }
        
   --******************************************************************
        
   ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 }
        

   -- Instance Attributes Table

   ipsAuthInstanceAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthInstanceAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of Authorization instances present on the system."
   ::= { ipsAuthInstance 2 }
        
   ipsAuthInstanceAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthInstanceAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a particular Authorization instance."
       INDEX { ipsAuthInstIndex }
   ::= { ipsAuthInstanceAttributesTable 1 }
        
   IpsAuthInstanceAttributesEntry ::= SEQUENCE {
       ipsAuthInstIndex               Unsigned32,
       ipsAuthInstDescr               SnmpAdminString,
       ipsAuthInstStorageType         StorageType
   }
        
   ipsAuthInstIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular authorization instance.  This index value
           must not be modified or reused by an agent unless
           a reboot has occurred.  An agent should attempt to
           keep this value persistent across reboots."
   ::= { ipsAuthInstanceAttributesEntry 1 }
        

   ipsAuthInstDescr OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-write
       STATUS        current
       DESCRIPTION
           "A character string, determined by the implementation to
           describe the authorization instance.  When only a single
           instance is present, this object may be set to the
           zero-length string; with multiple authorization
           instances, it must be set to a unique value in an
           implementation-dependent manner to describe the purpose
           of the respective instance.  If this is deployed in a
           master agent with more than one subagent implementing
           this MIB module, the master agent is responsible for
           ensuring that this object is unique across all
           subagents."
   ::= { ipsAuthInstanceAttributesEntry 2 }
        

   ipsAuthInstStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-write
       STATUS        current
       DESCRIPTION
           "The storage type for all read-write objects within this
            row.  Rows in this table are always created via an
            external process, and may have a storage type of readOnly
            or permanent.  Conceptual rows having the value 'permanent'
            need not allow write access to any columnar objects in
            the row.

            If this object has the value 'volatile', modifications
            to read-write objects in this row are not persistent
            across reboots.  If this object has the value
            'nonVolatile', modifications to objects in this row
            are persistent.

            An implementation may choose to allow this object
            to be set to either 'nonVolatile' or 'volatile',
            allowing the management application to choose this
            behavior."
       DEFVAL        { volatile }
   ::= { ipsAuthInstanceAttributesEntry 3 }
        
   ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 3 }
        

   -- User Identity Attributes Table

   ipsAuthIdentAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthIdentAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of user identities, each belonging to a
           particular ipsAuthInstance."
   ::= { ipsAuthIdentity 1 }
        
   ipsAuthIdentAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthIdentAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           describing a user identity within an authorization
           instance on this node."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex }
   ::= { ipsAuthIdentAttributesTable  1 }
        
   IpsAuthIdentAttributesEntry ::= SEQUENCE {
       ipsAuthIdentIndex              Unsigned32,
       ipsAuthIdentDescription        SnmpAdminString,
       ipsAuthIdentRowStatus          RowStatus,
       ipsAuthIdentStorageType        StorageType
   }
        
   ipsAuthIdentIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular identity instance within an authorization
           instance present on the node.  This index value
           must not be modified or reused by an agent unless
           a reboot has occurred.  An agent should attempt to
           keep this value persistent across reboots."
   ::= { ipsAuthIdentAttributesEntry 1 }
        
   ipsAuthIdentDescription OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string describing this particular identity."
   ::= { ipsAuthIdentAttributesEntry 2 }
        

   ipsAuthIdentRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthIdentDescription may be set while
           ipsAuthIdentRowStatus is 'active'."
   ::= { ipsAuthIdentAttributesEntry 3 }
        
   ipsAuthIdentStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthIdentAttributesEntry 4 }
        
   ipsAuthIdentityName OBJECT IDENTIFIER ::= { ipsAuthObjects 4 }
        

   -- User Initiator Name Attributes Table

   ipsAuthIdentNameAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthIdentNameAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of unique names that can be used to positively
           identify a particular user identity."
   ::= { ipsAuthIdentityName 1 }
        
   ipsAuthIdentNameAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthIdentNameAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a unique identity name, which can be used
           to identify a user identity within a particular
           authorization instance."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
               ipsAuthIdentNameIndex }
   ::= { ipsAuthIdentNameAttributesTable  1 }
        
   IpsAuthIdentNameAttributesEntry ::= SEQUENCE {
       ipsAuthIdentNameIndex          Unsigned32,
       ipsAuthIdentName               SnmpAdminString,
       ipsAuthIdentNameRowStatus      RowStatus,
       ipsAuthIdentNameStorageType    StorageType
   }
        
   ipsAuthIdentNameIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular identity name instance within an
           ipsAuthIdentity within an authorization instance.
           This index value must not be modified or reused by
           an agent unless a reboot has occurred.  An agent
           should attempt to keep this value persistent across
           reboots."
   ::= { ipsAuthIdentNameAttributesEntry 1 }
        
   ipsAuthIdentName OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string that is the unique name of an
           identity that may be used to identify this ipsAuthIdent
           entry."
   ::= { ipsAuthIdentNameAttributesEntry 2 }
        
   ipsAuthIdentNameRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthIdentName may be set when this value is 'active'."
   ::= { ipsAuthIdentNameAttributesEntry 3 }
        

   ipsAuthIdentNameStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthIdentNameAttributesEntry 4 }
        
   ipsAuthIdentityAddress OBJECT IDENTIFIER ::= { ipsAuthObjects 5 }
        

   -- User Initiator Address Attributes Table

   ipsAuthIdentAddrAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthIdentAddrAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of address ranges that are allowed to serve
           as the endpoint addresses of a particular identity.
           An address range includes a starting and ending address
           and an optional netmask, and an address type indicator,
           which can specify whether the address is IPv4, IPv6,
           FC-WWPN, or FC-WWNN."
   ::= { ipsAuthIdentityAddress 1 }
        
   ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthIdentAddrAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to an address range that is used as part
           of the authorization of an identity
           within an authorization instance on this node."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
               ipsAuthIdentAddrIndex }
   ::= { ipsAuthIdentAddrAttributesTable  1 }
        
   IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {
       ipsAuthIdentAddrIndex          Unsigned32,
       ipsAuthIdentAddrType           AddressFamilyNumbers,
       ipsAuthIdentAddrStart          IpsAuthAddress,
       ipsAuthIdentAddrEnd            IpsAuthAddress,
       ipsAuthIdentAddrRowStatus      RowStatus,
       ipsAuthIdentAddrStorageType    StorageType
   }
        

   ipsAuthIdentAddrIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular ipsAuthIdentAddress instance within an
           ipsAuthIdentity within an authorization instance
           present on the node.
           This index value must not be modified or reused by
           an agent unless a reboot has occurred.  An agent
           should attempt to keep this value persistent across
           reboots."
   ::= { ipsAuthIdentAddrAttributesEntry 1 }
        
   ipsAuthIdentAddrType OBJECT-TYPE
       SYNTAX        AddressFamilyNumbers
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The address types used in the ipsAuthIdentAddrStart
           and ipsAuthAddrEnd objects.  This type is taken
           from the IANA address family types."
   ::= { ipsAuthIdentAddrAttributesEntry 2 }
        
   ipsAuthIdentAddrStart OBJECT-TYPE
       SYNTAX        IpsAuthAddress
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The starting address of the allowed address range.
           The format of this object is determined by
           ipsAuthIdentAddrType."
   ::= { ipsAuthIdentAddrAttributesEntry 3 }
        
   ipsAuthIdentAddrEnd OBJECT-TYPE
       SYNTAX        IpsAuthAddress
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The ending address of the allowed address range.
           If the ipsAuthIdentAddrEntry specifies a single
           address, this shall match the ipsAuthIdentAddrStart.
           The format of this object is determined by
           ipsAuthIdentAddrType."
   ::= { ipsAuthIdentAddrAttributesEntry 4 }
        

   ipsAuthIdentAddrRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The values of
           ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd may be set
           when this value is 'active'.  The value of
           ipsAuthIdentAddrType may not be set when this value is
           'active'."
   ::= { ipsAuthIdentAddrAttributesEntry 5 }
        
   ipsAuthIdentAddrStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthIdentAddrAttributesEntry 6 }
        
   ipsAuthCredential OBJECT IDENTIFIER ::= { ipsAuthObjects 6 }
        

-- Credential Attributes Table

   ipsAuthCredentialAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredentialAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of credentials related to user identities
           that are allowed as valid authenticators of the
           particular identity."
   ::= { ipsAuthCredential 1 }
        

   ipsAuthCredentialAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredentialAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that verifies a user
           identity within an authorization instance.

           To provide complete information in this MIB for a credential,
           the management station must not only create the row in this
           table but must also create a row in another table, where the
           other table is determined by the value of
           ipsAuthCredAuthMethod, e.g., if ipsAuthCredAuthMethod has the
           value ipsAuthMethodChap, a row must be created in the
           ipsAuthCredChapAttributesTable."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredentialAttributesTable  1 }
        
   IpsAuthCredentialAttributesEntry ::= SEQUENCE {
       ipsAuthCredIndex               Unsigned32,
       ipsAuthCredAuthMethod          AutonomousType,
       ipsAuthCredRowStatus           RowStatus,
       ipsAuthCredStorageType         StorageType
   }
        
   ipsAuthCredIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular Credential instance within an instance
           present on the node.
           This index value must not be modified or reused by
           an agent unless a reboot has occurred.  An agent
           should attempt to keep this value persistent across
           reboots."
   ::= { ipsAuthCredentialAttributesEntry 1 }
        

   ipsAuthCredAuthMethod OBJECT-TYPE
       SYNTAX        AutonomousType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object contains an OBJECT IDENTIFIER
           that identifies the authentication method
           used with this credential.

           When a row is created in this table, a corresponding
           row must be created by the management station
           in a corresponding table specified by this value.

           When a row is deleted from this table, the corresponding
           row must be automatically deleted by the agent in
           the corresponding table specified by this value.

           If the value of this object is ipsAuthMethodNone, no
           corresponding rows are created or deleted from other
           tables.

           Some standardized values for this object are defined
           within the ipsAuthMethodTypes subtree."
   ::= { ipsAuthCredentialAttributesEntry 2 }
        
   ipsAuthCredRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredAuthMethod must not be changed while this row
           is 'active'."
   ::= { ipsAuthCredentialAttributesEntry 3 }
        
   ipsAuthCredStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredentialAttributesEntry 4 }
        
   ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 7 }
        

-- Credential Chap-Specific Attributes Table

   ipsAuthCredChapAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredChapAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of CHAP attributes for credentials that
           use ipsAuthMethodChap as their ipsAuthCredAuthMethod.

           A row in this table can only exist when an instance of
           the ipsAuthCredAuthMethod object exists (or is created
           simultaneously) having the same instance identifiers
           and a value of 'ipsAuthMethodChap'."
   ::= { ipsAuthCredChap 1 }
        

   ipsAuthCredChapAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredChapAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that uses ipsAuthMethodChap
           as their ipsAuthCredAuthMethod.

           When a row is created in ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredChap, the
           management station must create a corresponding row in
           this table.

           When a row is deleted from ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredChap, the
           agent must delete the corresponding row (if any) in
           this table."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredChapAttributesTable  1 }
        
   IpsAuthCredChapAttributesEntry ::= SEQUENCE {
       ipsAuthCredChapUserName        SnmpAdminString,
       ipsAuthCredChapRowStatus       RowStatus,
       ipsAuthCredChapStorageType     StorageType
   }
        
   ipsAuthCredChapUserName OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string containing the CHAP user name for this
           credential."
       REFERENCE
           "W. Simpson, RFC 1994: PPP Challenge Handshake
           Authentication Protocol (CHAP), August 1996"
   ::= { ipsAuthCredChapAttributesEntry 1 }
        

   ipsAuthCredChapRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredChapUserName may be changed while this row
           is 'active'."
   ::= { ipsAuthCredChapAttributesEntry 2 }
        
   ipsAuthCredChapStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredChapAttributesEntry 3 }
        
   ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 8 }
        

-- Credential Srp-Specific Attributes Table

   ipsAuthCredSrpAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredSrpAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of SRP attributes for credentials that
           use ipsAuthMethodSrp as its ipsAuthCredAuthMethod.

           A row in this table can only exist when an instance of
           the ipsAuthCredAuthMethod object exists (or is created
           simultaneously) having the same instance identifiers
           and a value of 'ipsAuthMethodSrp'."
   ::= { ipsAuthCredSrp 1 }
        

   ipsAuthCredSrpAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredSrpAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that uses ipsAuthMethodSrp
           as their ipsAuthCredAuthMethod.

           When a row is created in ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
           management station must create a corresponding row in
           this table.

           When a row is deleted from ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
           agent must delete the corresponding row (if any) in
           this table."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredSrpAttributesTable  1 }
        
   IpsAuthCredSrpAttributesEntry ::= SEQUENCE {
       ipsAuthCredSrpUserName         SnmpAdminString,
       ipsAuthCredSrpRowStatus        RowStatus,
       ipsAuthCredSrpStorageType      StorageType
   }
        
   ipsAuthCredSrpUserName OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string containing the SRP user name for this
           credential."
       REFERENCE
          "T. Wu, RFC 2945: The SRP Authentication and Key
          Exchange System, September 2000"
   ::= { ipsAuthCredSrpAttributesEntry 1 }
        
   ipsAuthCredSrpRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredSrpUserName may be changed while the status
           of this row is 'active'."
   ::= { ipsAuthCredSrpAttributesEntry 2 }
        

   ipsAuthCredSrpStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredSrpAttributesEntry 3 }
        
   ipsAuthCredKerberos OBJECT IDENTIFIER ::= { ipsAuthObjects 9 }
        

-- Credential Kerberos-Specific Attributes Table

   ipsAuthCredKerbAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredKerbAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of Kerberos attributes for credentials that
           use ipsAuthMethodKerberos as their ipsAuthCredAuthMethod.

           A row in this table can only exist when an instance of
           the ipsAuthCredAuthMethod object exists (or is created
           simultaneously) having the same instance identifiers
           and a value of 'ipsAuthMethodKerb'."
   ::= { ipsAuthCredKerberos 1 }
        

   ipsAuthCredKerbAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredKerbAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that uses ipsAuthMethodKerberos
           as its ipsAuthCredAuthMethod.

           When a row is created in ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
           management station must create a corresponding row in
           this table.

           When a row is deleted from ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
           agent must delete the corresponding row (if any) in
           this table."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredKerbAttributesTable  1 }
        
   IpsAuthCredKerbAttributesEntry ::= SEQUENCE {
       ipsAuthCredKerbPrincipal       SnmpAdminString,
       ipsAuthCredKerbRowStatus       RowStatus,
       ipsAuthCredKerbStorageType     StorageType
   }

   ipsAuthCredKerbPrincipal OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string containing a Kerberos principal
           for this credential."
       REFERENCE
           "C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
           The Kerberos Network Authentication Service (V5),
           July 2005"
   ::= { ipsAuthCredKerbAttributesEntry 1 }
        
   ipsAuthCredKerbRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredKerbPrincipal may be changed while this row
           is 'active'."
   ::= { ipsAuthCredKerbAttributesEntry 2 }
        
   ipsAuthCredKerbStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredKerbAttributesEntry 3 }
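
The row-pairing rules stated in the ipsAuthCredAuthMethod description and in the CHAP, SRP and Kerberos table descriptions can be checked offline against a snapshot of an agent's tables. The Python below is an added example, not part of RFC 4545; the snapshot layout, the audit() function, the finding names and the sample rows are assumptions constructed for illustration.

```python
# Added example: audit a snapshot of the credential tables against the
# parent/child rules in the DESCRIPTION clauses above.
# Assumption: the snapshot is already resolved from OIDs to the symbolic
# names below; how it was collected (walk, export) is outside this sketch.
# The entry descriptions also spell the method values ipsAuthCredChap,
# ipsAuthCredSrp and ipsAuthCredKerberos; the ipsAuthMethod* names are used here.

METHOD_NONE = "ipsAuthMethodNone"
METHOD_TABLE = {
    "ipsAuthMethodChap": "ipsAuthCredChapAttributesTable",
    "ipsAuthMethodSrp": "ipsAuthCredSrpAttributesTable",
    "ipsAuthMethodKerberos": "ipsAuthCredKerbAttributesTable",
}


def audit(cred_rows, method_rows):
    """Return sorted (index, finding, detail) tuples.

    cred_rows:   {(ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex):
                  ipsAuthCredAuthMethod name}
    method_rows: {table name: {same index triple: user name or principal}}
    """
    findings = []

    # Rule 1: a credential row whose method selects a method table needs a
    # row with the same index in that table, otherwise it is incomplete.
    for index, method in cred_rows.items():
        if method == METHOD_NONE:
            continue  # no corresponding rows are expected for this value
        table = METHOD_TABLE.get(method)
        if table is None:
            # Other method values may exist; this sketch cannot check them.
            findings.append((index, "unknown-method", method))
        elif index not in method_rows.get(table, {}):
            findings.append((index, "missing-method-row", table))

    # Rule 2: a method-table row may exist only under a credential row with
    # the same index whose ipsAuthCredAuthMethod selects that table; the
    # agent is required to delete it when the parent row is deleted.
    for table in METHOD_TABLE.values():
        for index in method_rows.get(table, {}):
            parent = cred_rows.get(index)
            if parent is None:
                findings.append((index, "orphan-row", table))
            elif METHOD_TABLE.get(parent) != table:
                findings.append((index, "method-mismatch", table))

    return sorted(findings)


# Constructed sample snapshot (not taken from any real device).
SAMPLE_CRED_ROWS = {
    (1, 1, 1): "ipsAuthMethodChap",
    (1, 1, 2): "ipsAuthMethodSrp",       # SRP row was never created
    (1, 2, 1): "ipsAuthMethodNone",      # but a CHAP row exists for it
    (1, 3, 1): "ipsAuthMethodKerberos",
    (1, 4, 1): "vendorMethodX",          # hypothetical non-standard value
}
SAMPLE_METHOD_ROWS = {
    "ipsAuthCredChapAttributesTable": {
        (1, 1, 1): "initiator-a",
        (1, 2, 1): "old-user",
        (1, 9, 1): "ghost",              # parent credential row is gone
    },
    "ipsAuthCredSrpAttributesTable": {},
    "ipsAuthCredKerbAttributesTable": {(1, 3, 1): "host/array1@EXAMPLE.COM"},
}

if __name__ == "__main__":
    for index, finding, detail in audit(SAMPLE_CRED_ROWS, SAMPLE_METHOD_ROWS):
        print(".".join(map(str, index)), finding, detail)
```

An orphan-row or method-mismatch finding is a credential name that remains configured after the identity's credential row stopped referring to it, which is worth reviewing before the identity is used in an access list.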
        
   --******************************************************************
   -- Notifications
        

-- There are no notifications necessary in this MIB module.

   --******************************************************************
        

-- Conformance Statements

   ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 1 }
   ipsAuthGroups      OBJECT IDENTIFIER ::= { ipsAuthConformance 2 }
        
   ipsAuthInstanceAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthInstDescr,
           ipsAuthInstStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           authorization instances."
   ::= { ipsAuthGroups 1 }
        
   ipsAuthIdentAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthIdentDescription,
           ipsAuthIdentRowStatus,
           ipsAuthIdentStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           user identities within an authorization instance."
   ::= { ipsAuthGroups 2 }
        
   ipsAuthIdentNameAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthIdentName,
           ipsAuthIdentNameRowStatus,
           ipsAuthIdentNameStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           user names within user identities within an authorization
           instance."
   ::= { ipsAuthGroups 3 }
        

   ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthIdentAddrType,
           ipsAuthIdentAddrStart,
           ipsAuthIdentAddrEnd,
           ipsAuthIdentAddrRowStatus,
           ipsAuthIdentAddrStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           address ranges within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 4 }
        
   ipsAuthIdentCredAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredAuthMethod,
           ipsAuthCredRowStatus,
           ipsAuthCredStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           credentials within user identities within an authorization
           instance."
   ::= { ipsAuthGroups 5 }
        
   ipsAuthIdentChapAttrGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredChapUserName,
           ipsAuthCredChapRowStatus,
           ipsAuthCredChapStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           CHAP credentials within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 6 }
        
   ipsAuthIdentSrpAttrGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredSrpUserName,
           ipsAuthCredSrpRowStatus,
           ipsAuthCredSrpStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           SRP credentials within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 7 }
        
   ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredKerbPrincipal,
           ipsAuthCredKerbRowStatus,
           ipsAuthCredKerbStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           Kerberos credentials within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 8 }
        
   --******************************************************************
        
   ipsAuthComplianceV1 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "Initial version of compliance statement based on
           initial version of this MIB module.

           The Instance and Identity groups are mandatory;
           at least one of the other groups (Name, Address,
           Credential, Certificate) is also mandatory for
           any given implementation."
       MODULE       -- this module
       MANDATORY-GROUPS {
           ipsAuthInstanceAttributesGroup,
           ipsAuthIdentAttributesGroup
       }
        
       -- Conditionally mandatory groups to be included with
       -- the mandatory groups when necessary.
        
       GROUP ipsAuthIdentNameAttributesGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that make use of unique identity names."

       GROUP ipsAuthIdentAddrAttributesGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use addresses to help verify identities."

       GROUP ipsAuthIdentCredAttributesGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use credentials to help verify identities."

       GROUP ipsAuthIdentChapAttrGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use CHAP to help verify identities.

           The ipsAuthIdentCredAttributesGroup must be
           implemented if this group is implemented."

       GROUP ipsAuthIdentSrpAttrGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use SRP to help verify identities.

           The ipsAuthIdentCredAttributesGroup must be
           implemented if this group is implemented."

       GROUP ipsAuthIdentKerberosAttrGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use Kerberos to help verify identities.

           The ipsAuthIdentCredAttributesGroup must be
           implemented if this group is implemented."

       OBJECT ipsAuthInstDescr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthInstStorageType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentDescription
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthIdentName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentNameRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthIdentAddrType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentAddrStart
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentAddrEnd
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentAddrRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredAuthMethod
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredChapUserName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredChapRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredSrpUserName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredSrpRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredKerbPrincipal
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredKerbRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

   ::= { ipsAuthCompliances 1 }
        
END

9. Security Considerations

9.1. MIB Security Considerations

There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability:

o in the ipsAuthInstanceAttributesTable:

   - ipsAuthInstDescr could be modified to camouflage the existence of a rogue authorization instance;

o in the ipsAuthIdentAttributesTable:

   - ipsAuthIdentDescription could be modified to camouflage the existence of a rogue identity;

   - ipsAuthIdentRowStatus could be modified to add or delete a rogue identity;

   - ipsAuthIdentStorageType could be modified to make temporary rows permanent, or permanent rows temporary;

o in the ipsAuthIdentNameAttributesTable:

   - ipsAuthIdentName could be modified to change the name of an existing identity;

   - ipsAuthIdentNameRowStatus could be modified to add or delete a name of an existing identity;

   - ipsAuthIdentNameStorageType could be modified to make temporary rows permanent, or permanent rows temporary;

o in the ipsAuthIdentAddrAttributesTable:

   - ipsAuthIdentAddrType could be modified to change the type of address checking performed;

   - ipsAuthIdentAddrStart could be modified to change the start of the allowed range;

   - ipsAuthIdentAddrEnd could be modified to change the end of the allowed range;

   - ipsAuthIdentAddrRowStatus could be modified to add or delete the checking of an address range;

   - ipsAuthIdentAddrStorageType could be modified to make temporary rows permanent, or permanent rows temporary;

o in the ipsAuthCredentialAttributesTable:

   - ipsAuthCredAuthMethod could be modified to change the type of authentication to be used;

   - ipsAuthCredRowStatus could be modified to add or delete checking of credentials;

   - ipsAuthCredStorageType could be modified to make temporary rows permanent, or permanent rows temporary;

o in the ipsAuthCredChapAttributesTable:

   - ipsAuthCredChapUserName could be modified to change the CHAP user name for a credential;

   - ipsAuthCredChapRowStatus could be modified to add or delete CHAP attributes for credentials;

   - ipsAuthCredChapStorageType could be modified to make temporary rows permanent, or permanent rows temporary;

o in the ipsAuthCredSrpAttributesTable:

   - ipsAuthCredSrpUserName could be modified to change the SRP user name for a credential;

   - ipsAuthCredSrpRowStatus could be modified to add or delete SRP attributes for credentials;

   - ipsAuthCredSrpStorageType could be modified to make temporary rows permanent, or permanent rows temporary;

o in the ipsAuthCredKerbAttributesTable:

   - ipsAuthCredKerbPrincipal could be modified to change the Kerberos principal for a credential;

   - ipsAuthCredKerbRowStatus could be modified to add or delete Kerberos attributes for credentials;

   - ipsAuthCredKerbStorageType could be modified to make temporary rows permanent, or permanent rows temporary;

Note that removal of legitimate credentials can result in either denial of service or weakening the requirements for access of a particular service. Note also that some types of credentials, such as CHAP or SRP, also require passwords or verifiers to be associated with the credential. These are managed outside this MIB module.

Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:

o All tables (specifically: ipsAuthInstanceAttributesTable, ipsAuthIdentAttributesTable, ipsAuthIdentNameAttributesTable, ipsAuthIdentAddrAttributesTable, ipsAuthCredentialAttributesTable, ipsAuthCredChapAttributesTable, ipsAuthCredSrpAttributesTable, and ipsAuthCredKerbAttributesTable) provide the ability to find out which names, addresses, and credentials would be required to access services on the managed system. If these credentials are easily spoofed (particularly the name or address), read access to this MIB module must be tightly controlled. When used with pointers from another MIB module to rows in the ipsAuthIdentAttributesTable, this MIB module provides information about which entities are authorized to connect to which entities.

SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.

It is RECOMMENDED that implementors consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).

Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.

In many implementations, the objects in this MIB module can be read and modified via other mechanisms or protocols in addition to this MIB module. For the system to be secure, other mechanisms that can read and modify the contents of this MIB module must also address the above issues, and handle the threats outlined in [RFC3411], section 1.4.

Given the sensitivity of information contained in this MIB module, it is strongly recommended that encryption (SNMPv3 with a securityLevel of authPriv [RFC3411]) be used for all access to objects in this MIB module.

9.2. Other Security Considerations

An identity consists of a set of names (e.g., an iSCSI Initiator Name), addresses (e.g., an IP address or Fibre Channel World Wide Name (WWN)), and credentials (e.g., a CHAP user name).

To match an identity, one must match:

o One of the IdentNames belonging to the IdentIndex, unless there are no IdentNames for the IdentIndex, and

o One of the IdentAddrs belonging to the IdentIndex, unless there are no IdentAddrs for the IdentIndex, and

o One of the IdentCreds belonging to the IdentIndex, unless there are no Creds for the IdentIndex.

Note that if any of the above lists are empty for a given IdentIndex, any identifier of that type is considered to match the identity. The non-empty lists will still be checked. For example, if the IdentAddrs list is empty for the IdentIndex, but there are entries in IdentNames and IdentCreds, any address will be considered a match, as long as the offered name and credential match one of the IdentNames and IdentCreds, respectively.

This leaves a possible security window while adding and removing entries from one of these lists. For example, an identity could consist of no IdentNames, no IdentAddrs, and exactly one IdentCred. If that IdentCred was to be updated, several methods could be used:

o The UserName or Principal could be simply written in the appropriate table, if the credential's type remained the same (recommended).

o The new credential could be added, then the old deleted (recommended).

o The new credential could be added, and the old deleted in the same SNMP request (recommended, but do the add first).

o The old credential could be deleted, then the new added (Don't use!).

Of the above methods, the last leaves a window in which the list is empty, possibly allowing unconstrained access to the resource making use of this MIB. This method should never be used for Names, Addrs, or Creds.

The use of the third method, adding and deleting within the same request, should be used with care. It is recommended that within the request, the add be done first. Otherwise, an implementation may attempt to perform these operations in order, potentially leaving a window.

The first two methods are recommended.

Care must also be taken when updating the IdentAddrs for an identity. Each IdentAddr specifies a range of addresses that match the identity, and has an address type, starting address, and ending address. Modifying these one at a time can open a temporary window where a larger range of addresses are allowed. For example, a single address is specified using IdentAddrType = ipv4, IdentAddrStart = IdentAddrEnd = 192.0.2.5. We want to update this to specify the single address 192.0.2.34. If the end address is updated first, we temporarily allow the range 192.0.2.5 .. 192.0.2.34, which is not what we want. Similarly, if we change from 192.0.2.34 back to 192.0.2.5, and we update IdentAddrStart first, we end up with the range again. To handle this, an application must either:

o update both IdentAddrStart and IdentAddrEnd in the same SNMP set request, or

o add the new IdentAddrStart and IdentAddrEnd with a new IdentAddrIndex, then delete the old one, using the methods shown before.

Since the value of IdentAddrType specifies the formats of IdentAddrStart and IdentAddrEnd, modification of IdentAddrType is not allowed for an existing row.
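
The matching rule and the update windows described in this section can be checked with a small model. The following is an added example, not part of the RFC or of any implementation of this MIB module: the Identity class, the function names, and the rogue probe values are constructed for illustration, and the "same-request" plan assumes the agent applies both variable bindings of one SET as a single step.

```python
"""Model of the identity-matching rule and update windows in section 9.2."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Identity:
    # Each list stands for the rows sharing one IdentIndex (hypothetical model).
    names: list = field(default_factory=list)  # IdentNames
    addrs: list = field(default_factory=list)  # IdentAddrs as [start, end]
    creds: list = field(default_factory=list)  # IdentCreds, e.g. CHAP user names


def addr_in(ranges, offered):
    """True if the offered IPv4 address falls inside any [start, end] range."""
    ip = IPv4Address(offered)
    return any(IPv4Address(lo) <= ip <= IPv4Address(hi) for lo, hi in ranges)


def matches(ident, name, addr, cred):
    """An empty list of a type matches anything; non-empty lists are all checked."""
    name_ok = not ident.names or name in ident.names
    addr_ok = not ident.addrs or addr_in(ident.addrs, addr)
    cred_ok = not ident.creds or cred in ident.creds
    return name_ok and addr_ok and cred_ok


def exposed_after(ident, steps, probe):
    """Apply each step in order and return the 1-based step numbers after
    which the unauthorized probe (name, addr, cred) matches the identity."""
    hits = []
    for n, step in enumerate(steps, start=1):
        step(ident)
        if matches(ident, *probe):
            hits.append(n)
    return hits


# Constructed probe: a party that should never match the identities below.
ROGUE = ("iqn.2006-05.example:rogue", "192.0.2.20", "rogue-user")


def rotate_cred(order):
    """Replace the only credential of an identity with no names and no addrs."""
    ident = Identity(creds=["chap-old"])

    def add(i):
        i.creds.append("chap-new")

    def delete(i):
        i.creds.remove("chap-old")

    steps = [add, delete] if order == "add-first" else [delete, add]
    return exposed_after(ident, steps, ROGUE)


def move_addr(old, new, order):
    """Change a single-address IdentAddr row from `old` to `new`."""
    ident = Identity(addrs=[[old, old]])

    def set_start(i):
        i.addrs[0][0] = new

    def set_end(i):
        i.addrs[0][1] = new

    def set_both(i):  # assumption: one SET request applied as a single step
        i.addrs[0][:] = [new, new]

    def add_row(i):  # new IdentAddrIndex
        i.addrs.append([new, new])

    def del_row(i):
        i.addrs.pop(0)

    plans = {
        "end-first": [set_end, set_start],
        "start-first": [set_start, set_end],
        "same-request": [set_both],
        "new-row": [add_row, del_row],
    }
    return exposed_after(ident, plans[order], ROGUE)


if __name__ == "__main__":
    for order in ("add-first", "delete-first"):
        print("credential", order, "exposed after steps", rotate_cred(order))
    for order in ("end-first", "same-request", "new-row"):
        print("address", order, "exposed after steps",
              move_addr("192.0.2.5", "192.0.2.34", order))
```

A non-empty result marks an intermediate state in which a party outside the intended identity is accepted; the delete-first credential update and the one-object-at-a-time range update both produce one.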

10. IANA Considerations

The IANA has assigned a MIB OID number under the mib-2 branch for the IPS-AUTH-MIB.

11. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.

[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.

[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", RFC 3411, December 2002.

[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005.

[IANA-AF] IANA, "IANA Address Family Numbers MIB", http://www.iana.org/assignments/ianaaddressfamilynumbers-mib.

[RFC4293] Routhier, S., "Management Information Base for the Internet Protocol (IP)", RFC 4293, April 2006.

[RFC1994] Simpson, W., "PPP Challenge Handshake Authentication Protocol (CHAP)", RFC 1994, August 1996.

[RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The Kerberos Network Authentication Service (V5)", RFC 4120, July 2005.

[RFC2945] Wu, T., "The SRP Authentication and Key Exchange System", RFC 2945, September 2000.

12. Informative References

[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.

[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 3414, December 2002.

[RFC3720] Satran, J., Meth, K., Sapuntzakis, C., Chadalapaka, M., and E. Zeidner, "Internet Small Computer Systems Interface (iSCSI)", RFC 3720, March 2004.

[RFC1737] Sollins, K. and L. Masinter, "Functional Requirements for Uniform Resource Names", RFC 1737, December 1994.

[RFC4044] McCloghrie, K., "Fibre Channel Management MIB", RFC 4044, May 2005.

13. Acknowledgements

In addition to the authors, several people contributed to the development of this MIB module through discussions of authentication, authorization, and access within the iSCSI MIB module and security teams, including John Hufferd, Marjorie Krueger, Keith McCloghrie, Tom McSweeney, Steve Senum, and Josh Tseng. Thanks also to Bill Studenmund (Wasabi Systems) for adding the Kerberos method, and to Ayman Ghanem for finding and suggesting changes to several problems found in the MIB module.

Thanks especially to Keith McCloghrie for serving as advisor for this MIB module.

Authors' Addresses

   Mark Bakke
   Postal: Cisco Systems, Inc
   7900 International Drive, Suite 400
   Bloomington, MN
   USA 55425

   EMail: mbakke@cisco.com

   James Muchow
   Postal: Qlogic Corp.
   6321 Bury Drive
   Eden Prairie, MN
   USA 55346

   EMail: james.muchow@qlogic.com

Full Copyright Statement

Copyright (C) The Internet Society (2006).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
