                authInfo ANY, -- defined by authentication protocol
                authData SnmpMgmtCom
            }

   For each SnmpAuthMsg value that represents a SNMPv2 authenticated
   management communication, the following statements are true:

   o  Its authInfo component is called the authentication information
      and represents information required in support of the
      authentication protocol used by the SNMPv2 party originating the
      message.  The detailed significance of the authentication
      information is specific to the authentication protocol in use;
      it has no effect on the application semantics of the
      communication other than its use by the authentication protocol
      in determining whether the communication is authentic or not.

   o  Its authData component is called the authentication data and
      represents a SNMPv2 management communication.

Galvin & McCloghrie                                            [Page 12]

RFC 1445            Administrative Model for SNMPv2           April 1993

2.11.  SNMPv2 Private Management Communication

   A SNMPv2 private management communication is a SNMPv2 authenticated
   management communication (see Section 2.10) that is (possibly)
   protected from disclosure.  A private management communication is
   represented by an ASN.1 value with the following syntax:

            SnmpPrivMsg ::= [1] IMPLICIT SEQUENCE {
                privDst  OBJECT IDENTIFIER,
                privData [1] IMPLICIT OCTET STRING
            }

   For each SnmpPrivMsg value that represents a SNMPv2 private
   management communication, the following statements are true:

   o  Its privDst component is called the privacy destination and
      identifies the SNMPv2 party to which the communication is
      directed.

   o  Its privData component is called the privacy data and represents
      the (possibly encrypted) serialization (according to the
      conventions of [5]) of a SNMPv2 authenticated management
      communication (see Section 2.10).

2.12.  SNMPv2 Management Communication Class

   A SNMPv2 management communication class corresponds to a specific
   SNMPv2 PDU type defined in [2].  A management communication class is
   represented by an ASN.1 INTEGER value according to the type of the
   identifying PDU (see Table 1).

                    Get              1
                    GetNext          2
                    Response         4
                    Set              8
                    -- unused       16
                    GetBulk         32
                    Inform          64
                    SNMPv2-Trap    128

             Table 1: Management Communication Classes

   The value by which a communication class is represented is computed
   as 2 raised to the value of the ASN.1 context-specific tag for the
   appropriate SNMPv2 PDU.

   A set of management communication classes is represented by the
   ASN.1 INTEGER value that is the sum of the representations of the
   communication classes in that set.  The null set is represented by
   the value zero.

2.13.  SNMPv2 Access Control Policy

   A SNMPv2 access control policy is a specification of a local access
   policy in terms of a SNMPv2 context and the management communication
   classes which are authorized between a pair of SNMPv2 parties.
   Architecturally, such a specification comprises four parts:

   o  the targets of SNMPv2 access control - the SNMPv2 parties that
      may perform management operations as requested by management
      communications received from other parties,

   o  the subjects of SNMPv2 access control - the SNMPv2 parties that
      may request, by sending management communications to other
      parties, that management operations be performed,

   o  the managed object resources of SNMPv2 access control - the
      SNMPv2 contexts which identify the management information on
      which requested management operations are to be performed, and

   o  the policy that specifies the classes of SNMPv2 management
      communications pertaining to a particular SNMPv2 context that a
      particular target is authorized to accept from a particular
      subject.

   Conceptually, a SNMPv2 access policy is represented by a collection
   of ASN.1 values with the following syntax:

            AclEntry ::= SEQUENCE {
                aclTarget     OBJECT IDENTIFIER,
                aclSubject    OBJECT IDENTIFIER,
                aclResources  OBJECT IDENTIFIER,
                aclPrivileges INTEGER
            }

   For each such value that represents one part of a SNMPv2 access
   policy, the following statements are true:

   o  Its aclTarget component is called the target and identifies the
      SNMPv2 party to which the partial policy permits access.

   o  Its aclSubject component is called the subject and identifies the
      SNMPv2 party to which the partial policy grants privileges.

   o  Its aclResources component is called the managed object resources
      and identifies the SNMPv2 context referenced by the partial
      policy.

   o  Its aclPrivileges component is called the privileges and
      represents a set of SNMPv2 management communication classes
      which, when they reference the specified SNMPv2 context, are
      authorized to be processed by the specified target party when
      received from the specified subject party.

   The application of SNMPv2 access control policy only occurs on
   receipt of management communications; it is not applied on
   transmission of management communications.  Note, however, that
   ASN.1 values, having the syntax AclEntry, are also used in
   determining the destinations of a SNMPv2-Trap [2].

3.  Elements of Procedure

   This section describes the procedures followed by a SNMPv2 entity in
   processing SNMPv2 messages.  These procedures are independent of the
   particular authentication and privacy protocols that may be in use.

3.1.  Generating a Request

   This section describes the procedure followed by a SNMPv2 entity
   whenever either a management request or a trap notification is to be
   transmitted by a SNMPv2 party.

   (1)  A SnmpMgmtCom value is constructed for which the srcParty
        component identifies the originating party, for which the
        dstParty component identifies the receiving party, for which
        the context component identifies the desired SNMPv2 context,
        and for which the pdu component represents the desired
        management operation.

   (2)  The local database of party information is consulted to
        determine the authentication protocol and other relevant
        information for the originating and receiving SNMPv2 parties.

   (3)  A SnmpAuthMsg value is constructed with the following
        properties:

        Its authInfo component is constructed according to the
        authentication protocol specified for the originating party.
        In particular, if the authentication protocol for the
        originating SNMPv2 party is identified as noAuth, then this
        component corresponds to the OCTET STRING value of zero length.

        Its authData component is the constructed SnmpMgmtCom value.

   (4)  The local database of party information is consulted to
        determine the privacy protocol and other relevant information
        for the receiving SNMPv2 party.

   (5)  A SnmpPrivMsg value is constructed with the following
        properties:

        Its privDst component identifies the receiving SNMPv2 party.

        Its privData component is the (possibly encrypted)
        serialization of the SnmpAuthMsg value according to the
        conventions of [5].  In particular, if the privacy protocol for
        the receiving SNMPv2 party is identified as noPriv, then the
        privData component is unencrypted.  Otherwise, the privData
        component is processed according to the privacy protocol.

   (6)  The constructed SnmpPrivMsg value is serialized according to
        the conventions of [5].

   (7)  The serialized SnmpPrivMsg value is transmitted using the
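The class encoding of Section 2.12 and the receipt-time check that the AclEntry values of Section 2.13 express, as an added worked example; this is not code from RFC 1445 or from any SNMPv2 implementation, and the party and context OIDs in it are constructed placeholders.

```python
# Added example (not from RFC 1445): management communication classes
# (Section 2.12) and the receipt-side access-control check (Section 2.13).
from dataclasses import dataclass

# ASN.1 context-specific tags of the SNMPv2 PDU types listed in Table 1;
# the class representation is 2 raised to the tag.  Tag 4 (value 16) is unused.
PDU_TAGS = {"Get": 0, "GetNext": 1, "Response": 2, "Set": 3,
            "GetBulk": 5, "Inform": 6, "SNMPv2-Trap": 7}


def class_value(pdu_type: str) -> int:
    """Representation of one management communication class."""
    return 1 << PDU_TAGS[pdu_type]


def class_set(*pdu_types: str) -> int:
    """Representation of a set of classes: the sum of its members (0 = null set)."""
    return sum(class_value(t) for t in set(pdu_types))


def classes_in(value: int) -> list:
    """Names of the classes present in a set representation."""
    return [t for t, tag in PDU_TAGS.items() if value & (1 << tag)]


@dataclass(frozen=True)
class AclEntry:                # mirrors the ASN.1 AclEntry SEQUENCE
    aclTarget: str             # party OID (constructed placeholder values below)
    aclSubject: str
    aclResources: str          # context OID
    aclPrivileges: int         # set of classes, encoded as above


@dataclass(frozen=True)
class SnmpMgmtCom:             # the fields a target needs for the check
    dstParty: str              # receiving party = target of access control
    srcParty: str              # originating party = subject of access control
    context: str
    pdu_type: str


def authorized(policy, com: SnmpMgmtCom) -> bool:
    """Applied on receipt only: the target (dstParty) may process this class
    from the subject (srcParty) for this context if an AclEntry lists it."""
    key = (com.dstParty, com.srcParty, com.context)
    for e in policy:
        if (e.aclTarget, e.aclSubject, e.aclResources) == key:
            return bool(e.aclPrivileges & class_value(com.pdu_type))
    return False               # no matching partial policy: deny
```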