Site/SunNet/Domain Manager Reference Manual

NAME

acl.pty - access control configuration for SNMPv2 entities

SYNOPSIS

Target Subject Resources Privileges StorageType

DESCRIPTION

The configuration file acl.pty is one of several configuration files required by the SNMPv2 entities. The default location of acl.pty is /etc/opt/snm/agent or /etc/opt/snm/manager for Solaris 2.x and /etc/snm/agent or /etc/snm/manager for Solaris 1.x, but can be specified by the environment variables SR_AGT_CONF_DIR and SR_MGR_CONF_DIR.
The acl.pty file defines information for the Access Control List (ACL) table, which in turn contains information about the access privileges for the target-party/subject-party pair. There must be one entry for every intended target that defines the access privileges for the target and subject in their SNMPv2 context.
In other words, for every agent and manager that will be communicating with each other, there must be an entry in the acl.pty file that, along with a corresponding entry in the context.pty file, defines the access privileges for the two entities. See context.pty(5) for more information on the context.
Each entry in the file consists of 1 line:
Target Subject Resources Privileges StorageType
where
Target
represents the target party for this ACL entry. This index must match the partyIndex of an entry in the party table, agt.pty. This party's performance of management operations is constrained by the set of access privileges for this entry (see Privileges below).
Note: The partyAuthProtocol value for this party must be the same as the one for the Subject party in the party table. In other words, the target and the subject parties must have equivalent PartyDiscriminator types in the agt.pty records. See the PartyDiscriminator description in agt.pty(5) for an explanation of the types. The party table entries are discussed further in agt.pty(5) and in the Party MIB RFC, RFC1447.
This field is an integer.
Subject
similar to Target, represents the subject party for this ACL entry. This index must match the partyIndex of an entry in the party table, agt.pty. This party's performance of management operations is constrained by the set of access privileges for this entry (see Privileges below).
Note: The partyAuthProtocol value for this party must be the same as the one for the Target party in the party table. In other words, the target and the subject parties must have equivalent PartyDiscriminator types in the agt.pty records. See the PartyDiscriminator description in agt.pty(5) for an explanation of the types. The party table entries are discussed further in agt.pty(5) and in the Party MIB RFC, RFC1447.
This field is an integer.
Resources
represents the context for this ACL entry. This index must match the contextIndex of an entry in the context table, context.pty. See context.pty(5) for more information on context entries.
Privileges
represents the value that governs what management operations a particular target party can perform on behalf of the subject (source) party. This field may have a value ranging from 0 to 255. This value is a sum of values, each of which represents a management operation.
Possible values are:
1      Get
2      GetNext
4      Response
8      Set
16     snmpv1trap
32     GetBulk
64     Inform
128    SNMPv2trap
The default value for this field is 35 (1 + 2 + 32), that is, Get, GetNext, and GetBulk.
partyStorageType
indicates the storage type for this row in the party table. Possible values are:
other
volatile
nonVolatile
permanent
According to RFC1447,
volatile is lost upon reboot, e.g., in RAM,
nonVolatile is backed up by stable storage, e.g., in NVRAM,
permanent cannot be changed or deleted, e.g., in ROM,
and "other" is provided in the unlikely event that someone will find a need for a storage type not covered by the other three.
This field is a case-sensitive string corresponding to one of the above values.

EXAMPLE

An example acl.pty entry might be
1 2 1 43 nonVolatile
which defines this entry as follows:
Target
The party entry with partyIndex of 1 is the destination (or target).
Subject
The party entry with partyIndex of 2 is the source (or subject).
Resources
The context entry that has a contextIndex of 1 is the SNMPv2 context.
Privileges
The entity would expect to be able to perform get, get-next, get-bulk, and set requests with this ACL entry.
StorageType
Store this entry in non-volatile memory, e.g., NVRAM.
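
The following is an added example, not part of the original manual page or of the SunNet Manager software: a small auditor that parses acl.pty entries in the five-field format described above, decodes the Privileges sum into operation names, and flags malformed lines and entries that grant Set. The function names, the sample lines, and the handling of blank lines are assumptions made for illustration.

```python
from typing import NamedTuple

# Bit values copied from the Privileges table above.
PRIVILEGE_BITS = {1: "Get", 2: "GetNext", 4: "Response", 8: "Set",
                  16: "snmpv1trap", 32: "GetBulk", 64: "Inform", 128: "SNMPv2trap"}
STORAGE_TYPES = {"other", "volatile", "nonVolatile", "permanent"}  # case-sensitive

class AclEntry(NamedTuple):
    target: int
    subject: int
    resources: int
    privileges: int
    storage_type: str

    def operations(self):
        """Decode the Privileges sum into the operation names it grants."""
        return [name for bit, name in PRIVILEGE_BITS.items() if self.privileges & bit]

def parse_acl_line(line):
    """Parse 'Target Subject Resources Privileges StorageType' or raise ValueError."""
    fields = line.split()
    if len(fields) != 5:
        raise ValueError(f"expected 5 fields, got {len(fields)}")
    target, subject, resources, privileges = (int(f) for f in fields[:4])
    if not 0 <= privileges <= 255:
        raise ValueError(f"Privileges {privileges} outside 0..255")
    if fields[4] not in STORAGE_TYPES:
        raise ValueError(f"unknown StorageType {fields[4]!r}")
    return AclEntry(target, subject, resources, privileges, fields[4])

def audit(text):
    """Return (entries, findings); findings list malformed lines and Set grants."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():  # assumption: blank lines are ignored
            continue
        try:
            entry = parse_acl_line(raw)
        except ValueError as exc:
            findings.append(f"line {lineno}: {exc}")
            continue
        entries.append(entry)
        if entry.privileges & 8:  # Set allows modification, not just reads
            findings.append(f"line {lineno}: target {entry.target} may Set for subject {entry.subject}")
    return entries, findings

# Constructed sample: the page's example entry, the default mask, and two bad lines.
SAMPLE = "1 2 1 43 nonVolatile\n2 1 1 35 nonVolatile\n3 4 1 300 volatile\n5 6 1 35 NonVolatile\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```

Run against the constructed sample, the auditor reports the Set grant in the page's example entry (43), the out-of-range Privileges value, and the StorageType that fails the case-sensitive match.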

FILES

Additional SNMPv2 Configuration Files

When the agent is compiled with either SNMPv2 or both SNMPv1 and SNMPv2 defined, the configuration files acl.pty, agt.pty, context.pty, snmpv2d.conf and view.pty are required for the agent side, and acl.pty, context.pty, mgr.cnf, mgr.pty, and view.pty are required for the manager side.
acl.pty
Access control privileges for the SNMPv2 parties.
agt.pty
Initial party table information for the agent.
context.pty
Context information for the SNMPv2 parties.
mgr.cnf
Configuration information for the managers.
mgr.pty
Initial party table information for the managers.
snmpv2d.conf
Configuration information for the SNMPv1 entities.
view.pty
MIB view information for the SNMPv2 parties.
For Solaris 2.x, the files are located under:
/etc/snm/{agent,manager}/acl.pty
/etc/snm/agent/agt.pty
/etc/snm/{agent,manager}/context.pty
/etc/snm/agent/snmpv2d.conf
/etc/snm/{agent,manager}/view.pty

For Solaris 1.x, the files are located under:
/etc/snm/{agent,manager}/acl.pty
/etc/snm/agent/agt.pty
/etc/snm/{agent,manager}/context.pty
/etc/snm/agent/snmpv2d.conf
/etc/snm/{agent,manager}/view.pty

SEE ALSO

v2install(1), agt.pty(5), context.pty(5), mgr.cnf(5), mgr.pty(5), snmpv2d.conf(5), view.pty(5), SNMP RFCs (RFC1155, RFC1157, RFC1212, RFC1213, RFC1215, RFCs 1441-1452)