snmpusm(1M) System Administration Commands snmpusm(1M)NAMEsnmpusm - create and maintain SNMPv3 users on a remote entity
SYNOPSISsnmpusm [common options] AGENT create user [clonefrom-user]
snmpusm [common options] AGENT delete user
snmpusm [common options] AGENT cloneFrom user clonefrom-user
snmpusm [common options] [-Co] [-Ca] [-Cx] AGENT passwd old-passphrase
new-passphrase
DESCRIPTION
The snmpusm utility is an SNMP application that can be used to do sim‐
ple maintenance on an SNMP agent's User-based Security Module (USM) ta‐
ble. The user needs write access to the usmUserTable MIB table. You can
create, delete, clone, and change the passphrase of users configured on
a running SNMP agent.
The SNMPv3 USM specifications (see RFC 3414) dictate that users are
created and maintained by adding and modifying rows to the usmUserTable
MIB table. To create a new user you simply create the row using
snmpset(1M). User's profiles contain private keys that are never trans‐
mitted over the wire in clear text, regardless of whether the adminis‐
tration requests are encrypted.
The secret key for a user is initially set by cloning another user in
the table, so that a new user inherits the cloned user's secret key. A
user can be cloned only once, however, after which they must be deleted
and re-created to be re-cloned. The authentication and privacy security
types are also inherited during this cloning (for example, MD5 vs.
SHA1). To change the secret key for a user, you must know the user's
old passphrase as well as the new one. The passwd subcommand of the
snmpusm command requires both the new and the old passphrases be sup‐
plied. After cloning from the appropriate template, you should immedi‐
ately change the new user's passphrase.
The Net-SNMP agent must first be initialized so that at least one user
is setup in it before you can use this command to clone new ones. See
the snmpd.conf(4) manual page for a description of the createUser con‐
figuration parameter.
Passphrases must be a minimum of eight characters in length.
OPTIONS
See snmpcmd(1M) for a description of common options.
EXAMPLES
Assume for our examples that the following VACM and USM configurations
lines are in the snmpd.conf file for a Net-SNMP agent. These lines set
up a default user named initial with the authentication passphrase set‐
up_passphrase. Establishing these parameters enables the initial setup
of an agent.
# VACM configuration entries
rwuser initial
# The name of the new user that is going to be created
rwuser wes
# USM configuration entries
createUser initial MD5 setup_passphrase DES
Note that the initial user's setup should be removed after creating a
real user to whom you grant administrative privileges. The real user is
wes in this example.
Example 1: Creating a New User
The following command creates a new user, wes, which is cloned from
initial. wes inherits that user's passphrase, setup_passphrase.
# snmpusm-v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase \
localhost create wes initial
Example 2: Changing the User's Passphrase
After creating the user wes with the same passphrase as the user ini‐
tial, we need to change his passphrase for wes. The following command
changes it from setup_passphrase, which was inherited from initial, to
new_passphrase.
# snmpusm-v 3 -u wes -n "" -l authNoPriv -a MD5 -A setup_passphrase \
localhost passwd setup_passphrase new_passphrase
Example 3: Testing the New User
If the preceding commands were successful, the following command should
perform an authenticated SNMPv3 GET request to the agent.
# snmpget -v 3 -u wes -n "" -l authNoPriv -a MD5 -A new_passphrase \
localhost sysUpTime.0
Following a successful test, remove the VACM group snmpd.conf entry for
the user initial. At this point, you have a valid user wes that you can
use for future transactions.
EXIT STATUS
0
Successful completion.
1
A usage syntax error. A usage message is displayed. Also used for
timeout errors.
2
An error occurred while executing the command. An error message is
displayed.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWsmcmd │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │External │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOsnmpcmd(1M), snmpset(1M), snmpd.conf(4), attributes(5)
RFC 3414
SunOS 5.10 20 Jan 2004 snmpusm(1M)