Import translated manuals from JM CVS Repository.

[linuxjm/jm.git] / manual / ucd-snmp / original / man1 / snmpusm.1

.TH SNMPUSM 1 "02 Feb 2000"
.UC 4
.SH NAME
snmpusm - creates and maintains SNMPv3 user's on a remote entity.
.SH SYNOPSIS
snmpusm [ common arguments ] create username [cloneFromUser]
.br
snmpusm [ common arguments ] delete username
.br
snmpusm [ common arguments ] cloneFrom username cloneFromUser
.br
snmpusm [ common arguments ] passwd [-Co] [-Ca] [-Cx] old_passphrase new_passphrase

.SH DESCRIPTION
Snmpusm is an SNMP application that can be used to do simple maintenance
on a SNMP agent's User based Security Module (USM) table.  You can
create, delete, clone, and change the password of users configured on a 
running SNMP agent.
.PP
The SNMPv3 USM specifications (see RFC2574) dictate that users are
created and maintained by adding and modifying rows to the usmUser MIB
table.  To create a new user you simply create the row using an
snmpset.  User's profiles contain private keys that are never
transmitted over the wire in clear text (regardless of whether the
administration requests are in encrypted or not).  
.PP
The secret key for a user is initially set by cloning another user in
the table, so that a new user inherits the cloned user's secret key.
A user can only be cloned once, however, after which they must be
deleted and re-created to be re-cloned.  The authentication and
privacy security types are also inherited during this cloning (E.G.,
MD5 vs SHA1).  To change the secret key for a user, you must know the
user's old passphrase as well as the new one.  The passwd sub-command
of the snmpusm command, therefore, requires both the new and the old
password to be supplied.  After cloning from the appropriate
template, you should immediately change the new users password.
.PP
The ucd-snmp agent must first be initialized so that at least one user
is setup in it before you can use this command to clone new ones.  See the
.I snmpd.conf(5)
manual page on the
.B createUser
configuration parameter.
.SH EXAMPLES
.PP
Lets assume for our examples that the following VACM and USM
configurations lines were in the snmpd.conf file for a ucd-snmp agent,
which sets up a default user called "initial" with the passphrase
"setup_password" so that we can perform the initial setup of an agent:
.RS
.nf
# VACM configuration entries
rwuser initial
# lets add the new user we'll create too:
rwuser wes
# USM configuration entries
createUser initial MD5 setup_password DES
.fi
.RE
Note: that the "initial" user's setup should be removed after creating
a real user that you grant administrative privileges to (like the user 
"wes" we'll be creating in this example.
.PP
Note: passwords (passphrases really) must be 8 characters minimum in
length.
.IP "snmpusm -v 3 -u initial -n "" -l authNoPriv -a MD5 -A setup_password localhost create wes initial"
Creates a new user, here named "wes" using the user "initial" to do
it.  "wes" is cloned from "initial" in the process, so he inherits
that users password ("setup_password").
.IP "snmpusm -v 3 -u wes -n "" -l authNoPriv -a MD5 -A setup_password localhost passwd -setup_password new_passphrase"
After creating the user "wes" with the same password as the
"initial" user, we need to change his passphrase for him.  The above
command changed it from "setup_password", which was inherited from
the initial user, to "new_passphrase".
.IP "snmpget -v 3 -u wes -n "" -l authNoPriv -a MD5 -A new_passphrase localhost sysUpTime.0"
If the above commands were successful, this command should have
properly performed an authenticated snmpv3 GET request to the agent.
.PP
Now, go remove the vacm "group" snmpd.conf entry for the "initial"
user and you have a valid user 'wes' that you can use for future
transactions instead of initial.
.PP
.SH "SEE ALSO"
snmpd.conf(5), snmp.conf(5)