SNMPUSM(1)SNMPUSM(1)NAMEsnmpusm - creates and maintains SNMPv3 user's on a remote
entity.
SYNOPSISsnmpusm [ common arguments ] create username [cloneFro
mUser]
snmpusm [ common arguments ] delete username
snmpusm [ common arguments ] cloneFrom username cloneFro
mUser
snmpusm [ common arguments ] passwd [-Co] [-Ca] [-Cx]
old_passphrase new_passphrase
DESCRIPTION
Snmpusm is an SNMP application that can be used to do sim
ple maintenance on a SNMP agent's User based Security Mod
ule (USM) table. You can create, delete, clone, and
change the password of users configured on a running SNMP
agent.
The SNMPv3 USM specifications (see RFC2574) dictate that
users are created and maintained by adding and modifying
rows to the usmUser MIB table. To create a new user you
simply create the row using an snmpset. User's profiles
contain private keys that are never transmitted over the
wire in clear text (regardless of whether the administra
tion requests are in encrypted or not).
The secret key for a user is initially set by cloning
another user in the table, so that a new user inherits the
cloned user's secret key. A user can only be cloned once,
however, after which they must be deleted and re-created
to be re-cloned. The authentication and privacy security
types are also inherited during this cloning (E.G., MD5 vs
SHA1). To change the secret key for a user, you must know
the user's old passphrase as well as the new one. The
passwd sub-command of the snmpusm command, therefore,
requires both the new and the old password to be supplied.
After cloning from the appropriate template, you should
immediately change the new users password.
The ucd-snmp agent must first be initialized so that at
least one user is setup in it before you can use this com
mand to clone new ones. See the snmpd.conf(5) manual page
on the createUser configuration parameter.
EXAMPLES
Lets assume for our examples that the following VACM and
USM configurations lines were in the snmpd.conf file for a
ucd-snmp agent, which sets up a default user called "ini
tial" with the passphrase "setup_password" so that we can
perform the initial setup of an agent:
# VACM configuration entries
02 Feb 2000 1
SNMPUSM(1)SNMPUSM(1)
rwuser initial
# lets add the new user we'll create too:
rwuser wes
# USM configuration entries
createUser initial MD5 setup_password DES
Note: that the "initial" user's setup should be removed
after creating a real user that you grant administrative
privileges to (like the user "wes" we'll be creating in
this example.
Note: passwords (passphrases really) must be 8 characters
minimum in length.
snmpusm-v 3 -u initial -n " -l authNoPriv -a MD5 -A
setup_pass word localhost create wes initial
Creates a new user, here named "wes" using the user
"initial" to do it. "wes" is cloned from "initial"
in the process, so he inherits that users password
("setup_password").
snmpusm-v 3 -u wes -n " -l authNoPriv -a MD5 -A
setup_password localhost passwd -setup_password
new_passphrase
After creating the user "wes" with the same pass
word as the "initial" user, we need to change his
passphrase for him. The above command changed it
from "setup_password", which was inherited from the
initial user, to "new_passphrase".
snmpget -v 3 -u wes -n " -l authNoPriv -a MD5 -A
new_passphrase localhost sysUpTime.0
If the above commands were successful, this command
should have properly performed an authenticated
snmpv3 GET request to the agent.
Now, go remove the vacm "group" snmpd.conf entry for the
"initial" user and you have a valid user 'wes' that you
can use for future transactions instead of initial.
SEE ALSOsnmpd.conf(5), snmp.conf(5)
02 Feb 2000 2
