-- Network Working Group                                           M. Bakke
-- Request for Comments: 4545                                 Cisco Systems
-- Category: Standards Track                                      J. Muchow
--                                                             Qlogic Corp.
--                                                                 May 2006


--                    Definitions of Managed Objects for
--                  IP Storage User Identity Authorization

   IPS-AUTH-MIB DEFINITIONS  ::= BEGIN

       IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32,
       mib-2
       FROM SNMPv2-SMI

       TEXTUAL-CONVENTION, RowStatus, AutonomousType, StorageType
       FROM SNMPv2-TC

       MODULE-COMPLIANCE, OBJECT-GROUP
       FROM SNMPv2-CONF

       SnmpAdminString
       FROM SNMP-FRAMEWORK-MIB -- RFC 3411

       AddressFamilyNumbers
       FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB
       ;

   -- Module identity for IPS-AUTH-MIB.  The closing assignment
   -- registers the module at { mib-2 141 }; the ipsAuthNotifications,
   -- ipsAuthObjects and ipsAuthConformance subtrees are defined
   -- relative to it.
   -- NOTE(review): the module DESCRIPTION names this the IP Storage
   -- Authorization MIB module, while the REVISION DESCRIPTION says
   -- IP Storage Authentication MIB module.  The tables in this module
   -- hold authorization data (identities, names, address ranges and
   -- credentials), so Authorization is presumably the intended word.
   -- Both strings are kept as published.
   ipsAuthMibModule MODULE-IDENTITY
       LAST-UPDATED  "200605220000Z" -- May 22, 2006
       ORGANIZATION  "IETF IPS Working Group"
       CONTACT-INFO
       "
       Mark Bakke
       Postal: Cisco Systems, Inc
       7900 International Drive, Suite 400
       Bloomington, MN
       USA 55425

       E-mail: mbakke@cisco.com

       James Muchow
       Postal: Qlogic Corp.
       6321 Bury Dr.
       Eden Prairie, MN
       USA 55346

       E-Mail: james.muchow@qlogic.com"

       DESCRIPTION
           "The IP Storage Authorization MIB module.
            Copyright (C) The Internet Society (2006).  This version of
            this MIB module is part of RFC 4545;  see the RFC itself for
            full legal notices."
       REVISION "200605220000Z" -- May 22, 2006
       DESCRIPTION
           "Initial version of the IP Storage Authentication MIB module,
           published as RFC 4545"

   ::= { mib-2 141 }

   -- Top-level subtrees of the module: arc 0 for notifications, arc 1
   -- for the managed objects, arc 2 for conformance statements.  Every
   -- table subtree in this module is registered under ipsAuthObjects.
   ipsAuthNotifications OBJECT IDENTIFIER ::= { ipsAuthMibModule 0 }
   ipsAuthObjects       OBJECT IDENTIFIER ::= { ipsAuthMibModule 1 }
   ipsAuthConformance   OBJECT IDENTIFIER ::= { ipsAuthMibModule 2 }

   -- Textual Conventions

   -- IpsAuthAddress: a single octet-string type that carries an IPv4
   -- address, an IPv6 address or a Fibre Channel name.  The format in
   -- use is selected by a companion object with syntax
   -- AddressFamilyNumbers.
   -- NOTE(review): the SYNTAX clause only bounds the length to 0..255
   -- octets; it cannot express the per-family restrictions listed in
   -- the DESCRIPTION.  An agent that accepts SETs to objects of this
   -- type therefore has to check the value against the family named by
   -- the companion object itself (presumably answering a mismatch with
   -- wrongLength or inconsistentValue; confirm in the implementation).
   -- Objects of this type hold the allowed address ranges in
   -- ipsAuthIdentAddrAttributesTable, so a malformed value is an
   -- authorization data problem and not only a display problem.
   IpsAuthAddress ::= TEXTUAL-CONVENTION
       STATUS        current
       DESCRIPTION
           "IP Storage requires the use of address information
           that uses not only the InetAddress type defined in the
           INET-ADDRESS-MIB, but also Fibre Channel type defined
           in the Fibre Channel Management MIB.  Although these
           address types are recognized in the IANA Address Family
           Numbers MIB, the addressing mechanisms have not been
           merged into a well-known, common type.  This data type,
           the IpsAuthAddress, performs the merging for this MIB
           module.

           The formats of objects of this type are determined by
           a corresponding object with syntax AddressFamilyNumbers,
           and thus every object defined using this TC must
           identify the object with syntax AddressFamilyNumbers
           that specifies its type.

           The syntax and semantics of this object depend on the
           identified AddressFamilyNumbers object as follows:

           AddressFamilyNumbers   this object
           ====================   ===========
           ipV4(1)                restricted to the same syntax and
                                  semantics as the InetAddressIPv4 TC.

           ipV6(2)                restricted to the same syntax and
                                  semantics as the InetAddressIPv6 TC.

           fibreChannelWWPN (22)
           & fibreChannelWWNN(23) restricted to the same syntax and
                                  semantics as the FcNameIdOrZero TC.

           Types other than the above should not be used unless
           the corresponding format of the IpsAuthAddress object is
           further specified (e.g., in a future revision of this TC)."
       REFERENCE
           "IANA-ADDRESS-FAMILY-NUMBERS-MIB;
            INET-ADDRESS-MIB (RFC 4001);
            FC-MGMT-MIB (RFC 4044)."
       SYNTAX        OCTET STRING (SIZE(0..255))

   --******************************************************************

   -- Registration points that name the authentication methods a
   -- credential can use.  ipsAuthCredAuthMethod (syntax AutonomousType)
   -- holds one of these OIDs, and per the credential table text that
   -- value selects which method-specific table carries the rest of the
   -- credential.
   ipsAuthDescriptors OBJECT IDENTIFIER ::= { ipsAuthObjects 1 }

   ipsAuthMethodTypes OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "Registration point for Authentication Method Types."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthDescriptors 1 }

   -- NOTE(review): a credential row whose method is ipsAuthMethodNone
   -- names no authentication method at all.  When auditing a
   -- configuration read from this MIB, such rows deserve a deliberate
   -- look; whether the identity is then admitted on name and address
   -- alone is not stated in this module.
   ipsAuthMethodNone OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when no authentication
           method is used."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 1 }

   ipsAuthMethodSrp OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when the authentication
           method is SRP."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 2 }

   ipsAuthMethodChap OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when the authentication
           method is CHAP."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 3 }

   ipsAuthMethodKerberos OBJECT-IDENTITY
       STATUS        current
       DESCRIPTION
           "The authoritative identifier when the authentication
           method is Kerberos."
       REFERENCE "RFC 3720, iSCSI Protocol Specification."
   ::= { ipsAuthMethodTypes 4 }

   --******************************************************************

   -- Authorization instances.  One row per instance.  ipsAuthInstIndex
   -- is the leading index of the identity, name, address and credential
   -- tables in this module, so each of those rows belongs to exactly
   -- one instance.  The table is registered at { ipsAuthInstance 2 }.
   ipsAuthInstance OBJECT IDENTIFIER ::= { ipsAuthObjects 2 }

   -- Instance Attributes Table

   ipsAuthInstanceAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthInstanceAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of Authorization instances present on the system."
   ::= { ipsAuthInstance 2 }

   ipsAuthInstanceAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthInstanceAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a particular Authorization instance."
       INDEX { ipsAuthInstIndex }
   ::= { ipsAuthInstanceAttributesTable 1 }

   -- The row has no RowStatus column: per ipsAuthInstStorageType,
   -- rows are created by an external process and not over SNMP.
   IpsAuthInstanceAttributesEntry ::= SEQUENCE {
       ipsAuthInstIndex               Unsigned32,
       ipsAuthInstDescr               SnmpAdminString,
       ipsAuthInstStorageType         StorageType
   }

   ipsAuthInstIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular authorization instance.  This index value
           must not be modified or reused by an agent unless
           a reboot has occurred.  An agent should attempt to
           keep this value persistent across reboots."
   ::= { ipsAuthInstanceAttributesEntry 1 }

   -- NOTE(review): the two columns below are read-write even though
   -- the row itself cannot be created over SNMP.  A manager with write
   -- access can relabel an instance or change whether edits survive a
   -- reboot, so include them in the same restricted write view as the
   -- identity and credential tables.
   ipsAuthInstDescr OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-write
       STATUS        current
       DESCRIPTION
           "A character string, determined by the implementation to
           describe the authorization instance.  When only a single
           instance is present, this object may be set to the
           zero-length string; with multiple authorization
           instances, it must be set to a unique value in an
           implementation-dependent manner to describe the purpose
           of the respective instance.  If this is deployed in a
           master agent with more than one subagent implementing
           this MIB module, the master agent is responsible for
           ensuring that this object is unique across all
           subagents."
   ::= { ipsAuthInstanceAttributesEntry 2 }

   -- The default here is volatile, unlike the nonVolatile default of
   -- the other StorageType columns in this module: per the
   -- DESCRIPTION, changes to read-write objects in a volatile row are
   -- not persistent across reboots.
   ipsAuthInstStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-write
       STATUS        current
       DESCRIPTION
           "The storage type for all read-write objects within this
            row.  Rows in this table are always created via an
            external process, and may have a storage type of readOnly
            or permanent.  Conceptual rows having the value 'permanent'
            need not allow write access to any columnar objects in
            the row.

            If this object has the value 'volatile', modifications
            to read-write objects in this row are not persistent
            across reboots.  If this object has the value
            'nonVolatile', modifications to objects in this row
            are persistent.

            An implementation may choose to allow this object
            to be set to either 'nonVolatile' or 'volatile',
            allowing the management application to choose this
            behavior."
       DEFVAL        { volatile }
   ::= { ipsAuthInstanceAttributesEntry 3 }

   -- User identities.  Each row is one identity inside an
   -- authorization instance.  The name, address and credential tables
   -- in this module are indexed by ipsAuthInstIndex and
   -- ipsAuthIdentIndex plus an index of their own, and so attach to a
   -- row of this table.
   -- NOTE(review): rows are created and destroyed over SNMP through
   -- ipsAuthIdentRowStatus.  Because these rows define who may be
   -- authorized, write access to this subtree amounts to editing the
   -- authorization list.  Expose it only over authenticated,
   -- access-controlled SNMP (for example SNMPv3 USM users restricted
   -- by a VACM view) and log SET operations where the agent allows it.
   -- NOTE(review): the DESCRIPTIONs in this table do not say what
   -- happens to dependent name, address and credential rows when an
   -- identity row is destroyed; presumably the agent removes them.
   -- Confirm, because the index text permits an ipsAuthIdentIndex to
   -- be reused after a reboot, and a reused index must not inherit
   -- leftover rows.
   ipsAuthIdentity OBJECT IDENTIFIER ::= { ipsAuthObjects 3 }

   -- User Identity Attributes Table

   ipsAuthIdentAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthIdentAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of user identities, each belonging to a
           particular ipsAuthInstance."
   ::= { ipsAuthIdentity 1 }

   ipsAuthIdentAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthIdentAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           describing a user identity within an authorization
           instance on this node."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex }
   ::= { ipsAuthIdentAttributesTable  1 }

   IpsAuthIdentAttributesEntry ::= SEQUENCE {
       ipsAuthIdentIndex              Unsigned32,
       ipsAuthIdentDescription        SnmpAdminString,
       ipsAuthIdentRowStatus          RowStatus,
       ipsAuthIdentStorageType        StorageType
   }

   ipsAuthIdentIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular identity instance within an authorization
           instance present on the node.  This index value
           must not be modified or reused by an agent unless
           a reboot has occurred.  An agent should attempt to
           keep this value persistent across reboots."
   ::= { ipsAuthIdentAttributesEntry 1 }

   -- Free-form label only; per ipsAuthIdentRowStatus it may be
   -- rewritten while the row is active.
   ipsAuthIdentDescription OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string describing this particular identity."
   ::= { ipsAuthIdentAttributesEntry 2 }

   ipsAuthIdentRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthIdentDescription may be set while
           ipsAuthIdentRowStatus is 'active'."
   ::= { ipsAuthIdentAttributesEntry 3 }

   ipsAuthIdentStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthIdentAttributesEntry 4 }

   -- Names bound to an identity.  Per the DESCRIPTIONs below, each row
   -- holds one unique name that can be used to identify the parent
   -- identity within an authorization instance.
   -- NOTE(review): ipsAuthIdentName is a free-form SnmpAdminString
   -- and, per ipsAuthIdentNameRowStatus, may be rewritten while the
   -- row is active.  A rewrite presumably changes at once which
   -- presented name maps to the identity, so treat write access here
   -- like write access to the identity table itself.
   -- NOTE(review): the DESCRIPTION requires the name to be unique, but
   -- nothing in the SYNTAX enforces that.  The agent has to reject a
   -- duplicate on SET; the scope of uniqueness (presumably one
   -- authorization instance) is not stated.  Confirm against the
   -- implementation.
   ipsAuthIdentityName OBJECT IDENTIFIER ::= { ipsAuthObjects 4 }

   -- User Initiator Name Attributes Table

   ipsAuthIdentNameAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthIdentNameAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of unique names that can be used to positively
           identify a particular user identity."
   ::= { ipsAuthIdentityName 1 }

   ipsAuthIdentNameAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthIdentNameAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a unique identity name, which can be used
           to identify a user identity within a particular
           authorization instance."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
               ipsAuthIdentNameIndex }
   ::= { ipsAuthIdentNameAttributesTable  1 }

   IpsAuthIdentNameAttributesEntry ::= SEQUENCE {
       ipsAuthIdentNameIndex          Unsigned32,
       ipsAuthIdentName               SnmpAdminString,
       ipsAuthIdentNameRowStatus      RowStatus,
       ipsAuthIdentNameStorageType    StorageType
   }

   ipsAuthIdentNameIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular identity name instance within an
           ipsAuthIdentity within an authorization instance.
           This index value must not be modified or reused by
           an agent unless a reboot has occurred.  An agent
           should attempt to keep this value persistent across
           reboots."
   ::= { ipsAuthIdentNameAttributesEntry 1 }

   ipsAuthIdentName OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string that is the unique name of an
           identity that may be used to identify this ipsAuthIdent
           entry."
   ::= { ipsAuthIdentNameAttributesEntry 2 }

   ipsAuthIdentNameRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthIdentName may be set when this value is 'active'."
   ::= { ipsAuthIdentNameAttributesEntry 3 }

   ipsAuthIdentNameStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthIdentNameAttributesEntry 4 }

   -- Allowed endpoint address ranges for an identity.  Each row gives
   -- an address family plus a start and an end address of that family.
   -- NOTE(review): the table DESCRIPTION mentions an optional netmask,
   -- but the row SEQUENCE defines no netmask column; a range is
   -- expressed by ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd only.
   -- NOTE(review): nothing in the definitions requires Start to be
   -- less than or equal to End, or requires both values to have the
   -- length implied by ipsAuthIdentAddrType.  An agent should check
   -- both on SET and at row activation; how an inverted range is
   -- treated is not stated here.
   -- NOTE(review): Start and End may be changed while the row is
   -- active.  A manager that moves a range should send both values in
   -- one SET request, so that the agent never holds a half-updated
   -- range that is wider than either the old or the new one.
   ipsAuthIdentityAddress OBJECT IDENTIFIER ::= { ipsAuthObjects 5 }

   -- User Initiator Address Attributes Table

   ipsAuthIdentAddrAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthIdentAddrAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of address ranges that are allowed to serve
           as the endpoint addresses of a particular identity.
           An address range includes a starting and ending address
           and an optional netmask, and an address type indicator,
           which can specify whether the address is IPv4, IPv6,
           FC-WWPN, or FC-WWNN."
   ::= { ipsAuthIdentityAddress 1 }

   ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthIdentAddrAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to an address range that is used as part
           of the authorization of an identity
           within an authorization instance on this node."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex,
               ipsAuthIdentAddrIndex }
   ::= { ipsAuthIdentAddrAttributesTable  1 }

   IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {
       ipsAuthIdentAddrIndex          Unsigned32,
       ipsAuthIdentAddrType           AddressFamilyNumbers,
       ipsAuthIdentAddrStart          IpsAuthAddress,
       ipsAuthIdentAddrEnd            IpsAuthAddress,
       ipsAuthIdentAddrRowStatus      RowStatus,
       ipsAuthIdentAddrStorageType    StorageType
   }

   ipsAuthIdentAddrIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular ipsAuthIdentAddress instance within an
           ipsAuthIdentity within an authorization instance
           present on the node.
           This index value must not be modified or reused by
           an agent unless a reboot has occurred.  An agent
           should attempt to keep this value persistent across
           reboots."
   ::= { ipsAuthIdentAddrAttributesEntry 1 }

   -- NOTE(review): the DESCRIPTION refers to ipsAuthAddrEnd; the
   -- column defined in this row is ipsAuthIdentAddrEnd.  Text kept as
   -- published.
   ipsAuthIdentAddrType OBJECT-TYPE
       SYNTAX        AddressFamilyNumbers
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The address types used in the ipsAuthIdentAddrStart
           and ipsAuthAddrEnd objects.  This type is taken
           from the IANA address family types."
   ::= { ipsAuthIdentAddrAttributesEntry 2 }

   ipsAuthIdentAddrStart OBJECT-TYPE
       SYNTAX        IpsAuthAddress
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The starting address of the allowed address range.
           The format of this object is determined by
           ipsAuthIdentAddrType."
   ::= { ipsAuthIdentAddrAttributesEntry 3 }

   -- NOTE(review): the DESCRIPTION refers to ipsAuthIdentAddrEntry;
   -- the row object in this module is named
   -- ipsAuthIdentAddrAttributesEntry.  Text kept as published.
   ipsAuthIdentAddrEnd OBJECT-TYPE
       SYNTAX        IpsAuthAddress
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The ending address of the allowed address range.
           If the ipsAuthIdentAddrEntry specifies a single
           address, this shall match the ipsAuthIdentAddrStart.
           The format of this object is determined by
           ipsAuthIdentAddrType."
   ::= { ipsAuthIdentAddrAttributesEntry 4 }

   -- The address family is fixed once the row is active, so Start and
   -- End cannot be reinterpreted under a different family in place;
   -- only the two address values may change on an active row.
   ipsAuthIdentAddrRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The values of
           ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd may be set
           when this value is 'active'.  The value of
           ipsAuthIdentAddrType may not be set when this value is
           'active'."
   ::= { ipsAuthIdentAddrAttributesEntry 5 }

   ipsAuthIdentAddrStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthIdentAddrAttributesEntry 6 }

   -- Credentials accepted for an identity.  A row here names only the
   -- authentication method; the method-specific data lives in a second
   -- table chosen by ipsAuthCredAuthMethod and sharing the same index
   -- (ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex).
   -- NOTE(review): creating the companion row is the management
   -- station's job, while deleting it is the agent's job.  A credential
   -- row can therefore exist without its companion row, briefly or for
   -- good if the manager fails midway.  The text here does not say how
   -- an agent treats such an incomplete credential; presumably it must
   -- not authenticate anyone.  Confirm in the implementation.
   -- NOTE(review): ipsAuthCredAuthMethod is an AutonomousType, so any
   -- OID is syntactically valid.  An agent should reject values it
   -- does not implement on SET; whether it does is implementation
   -- specific.
   ipsAuthCredential OBJECT IDENTIFIER ::= { ipsAuthObjects 6 }

   -- Credential Attributes Table

   ipsAuthCredentialAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredentialAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of credentials related to user identities
           that are allowed as valid authenticators of the
           particular identity."
   ::= { ipsAuthCredential 1 }

   ipsAuthCredentialAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredentialAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that verifies a user
           identity within an authorization instance.

           To provide complete information in this MIB for a credential,
           the management station must not only create the row in this
           table but must also create a row in another table, where the
           other table is determined by the value of
           ipsAuthCredAuthMethod, e.g., if ipsAuthCredAuthMethod has the
           value ipsAuthMethodChap, a row must be created in the
           ipsAuthCredChapAttributesTable."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredentialAttributesTable  1 }

   IpsAuthCredentialAttributesEntry ::= SEQUENCE {
       ipsAuthCredIndex               Unsigned32,
       ipsAuthCredAuthMethod          AutonomousType,
       ipsAuthCredRowStatus           RowStatus,
       ipsAuthCredStorageType         StorageType
   }

   ipsAuthCredIndex OBJECT-TYPE
       SYNTAX        Unsigned32 (1..4294967295)
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An arbitrary integer used to uniquely identify a
           particular Credential instance within an instance
           present on the node.
           This index value must not be modified or reused by
           an agent unless a reboot has occurred.  An agent
           should attempt to keep this value persistent across
           reboots."
   ::= { ipsAuthCredentialAttributesEntry 1 }

   ipsAuthCredAuthMethod OBJECT-TYPE
       SYNTAX        AutonomousType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object contains an OBJECT IDENTIFIER
           that identifies the authentication method
           used with this credential.

           When a row is created in this table, a corresponding
           row must be created by the management station
           in a corresponding table specified by this value.

           When a row is deleted from this table, the corresponding
           row must be automatically deleted by the agent in
           the corresponding table specified by this value.

           If the value of this object is ipsAuthMethodNone, no
           corresponding rows are created or deleted from other
           tables.

           Some standardized values for this object are defined
           within the ipsAuthMethodTypes subtree."
   ::= { ipsAuthCredentialAttributesEntry 2 }

   -- Unlike the name and address tables, the data column here is
   -- frozen while the row is active: changing the method of a live
   -- credential requires taking the row out of service first.
   ipsAuthCredRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredAuthMethod must not be changed while this row
           is 'active'."
   ::= { ipsAuthCredentialAttributesEntry 3 }

   ipsAuthCredStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredentialAttributesEntry 4 }

   -- CHAP-specific part of a credential.  Rows share the index of the
   -- credential table and may exist only alongside a credential row
   -- whose ipsAuthCredAuthMethod is ipsAuthMethodChap.
   -- This table carries the CHAP user name only; the row SEQUENCE
   -- defines no column for the CHAP secret.
   -- NOTE(review): the user name is still identity data.  Read access
   -- lets a manager enumerate valid CHAP user names, so restrict read
   -- views on this subtree as well as write views, and prefer an SNMP
   -- configuration that encrypts traffic.
   -- NOTE(review): the entry DESCRIPTION compares
   -- ipsAuthCredAuthMethod with ipsAuthCredChap, which in this module
   -- is the subtree that holds this table.  The table DESCRIPTION and
   -- the ipsAuthMethodTypes registrations use ipsAuthMethodChap, which
   -- is presumably what is meant.  Text kept as published.
   ipsAuthCredChap OBJECT IDENTIFIER ::= { ipsAuthObjects 7 }

   -- Credential Chap-Specific Attributes Table

   ipsAuthCredChapAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredChapAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of CHAP attributes for credentials that
           use ipsAuthMethodChap as their ipsAuthCredAuthMethod.

           A row in this table can only exist when an instance of
           the ipsAuthCredAuthMethod object exists (or is created
           simultaneously) having the same instance identifiers
           and a value of 'ipsAuthMethodChap'."
   ::= { ipsAuthCredChap 1 }

   ipsAuthCredChapAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredChapAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that uses
           ipsAuthMethodChap as their ipsAuthCredAuthMethod.

           When a row is created in ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredChap, the
           management station must create a corresponding row
           in this table.

           When a row is deleted from ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredChap, the
           agent must delete the corresponding row (if any) in
           this table."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredChapAttributesTable  1 }

   IpsAuthCredChapAttributesEntry ::= SEQUENCE {
       ipsAuthCredChapUserName        SnmpAdminString,
       ipsAuthCredChapRowStatus       RowStatus,
       ipsAuthCredChapStorageType     StorageType
   }

   ipsAuthCredChapUserName OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string containing the CHAP user name for this
           credential."
       REFERENCE
           "W. Simpson, RFC 1994: PPP Challenge Handshake
           Authentication Protocol (CHAP), August 1996"
   ::= { ipsAuthCredChapAttributesEntry 1 }

   -- The user name may be rewritten on an active row, so a SET here
   -- presumably changes which CHAP user the credential accepts
   -- without the row ever leaving service.
   ipsAuthCredChapRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredChapUserName may be changed while this row
           is 'active'."
   ::= { ipsAuthCredChapAttributesEntry 2 }

   ipsAuthCredChapStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredChapAttributesEntry 3 }

   -- SRP-specific part of a credential.  Rows share the index of the
   -- credential table and may exist only alongside a credential row
   -- whose ipsAuthCredAuthMethod is ipsAuthMethodSrp.
   -- This table carries the SRP user name only; the row SEQUENCE
   -- defines no column for a verifier or password.
   -- NOTE(review): read access lets a manager enumerate valid SRP user
   -- names, so restrict read views on this subtree as well as write
   -- views.
   -- NOTE(review): the entry DESCRIPTION compares
   -- ipsAuthCredAuthMethod with ipsAuthCredSrp, which in this module
   -- is the subtree that holds this table.  The table DESCRIPTION and
   -- the ipsAuthMethodTypes registrations use ipsAuthMethodSrp, which
   -- is presumably what is meant.  Text kept as published.
   ipsAuthCredSrp OBJECT IDENTIFIER ::= { ipsAuthObjects 8 }

   -- Credential Srp-Specific Attributes Table

   ipsAuthCredSrpAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredSrpAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of SRP attributes for credentials that
           use ipsAuthMethodSrp as its ipsAuthCredAuthMethod.

           A row in this table can only exist when an instance of
           the ipsAuthCredAuthMethod object exists (or is created
           simultaneously) having the same instance identifiers
           and a value of 'ipsAuthMethodSrp'."
   ::= { ipsAuthCredSrp 1 }

   ipsAuthCredSrpAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredSrpAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that uses
           ipsAuthMethodSrp as their ipsAuthCredAuthMethod.

           When a row is created in ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
           management station must create a corresponding row
           in this table.

           When a row is deleted from ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
           agent must delete the corresponding row (if any) in
           this table."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredSrpAttributesTable  1 }

   IpsAuthCredSrpAttributesEntry ::= SEQUENCE {
       ipsAuthCredSrpUserName         SnmpAdminString,
       ipsAuthCredSrpRowStatus        RowStatus,
       ipsAuthCredSrpStorageType      StorageType
   }

   ipsAuthCredSrpUserName OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string containing the SRP user name for this
           credential."
       REFERENCE
          "T. Wu, RFC 2945: The SRP Authentication and Key
          Exchange System, September 2000"
   ::= { ipsAuthCredSrpAttributesEntry 1 }

   -- The user name may be rewritten on an active row, so a SET here
   -- presumably changes which SRP user the credential accepts without
   -- the row ever leaving service.
   ipsAuthCredSrpRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredSrpUserName may be changed while the status
           of this row is 'active'."
   ::= { ipsAuthCredSrpAttributesEntry 2 }

   ipsAuthCredSrpStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredSrpAttributesEntry 3 }

   -- Subtree for the Kerberos-specific credential table.  This OID is
   -- a container; the Kerberos method identity used as a value of
   -- ipsAuthCredAuthMethod is ipsAuthMethodKerberos.
   ipsAuthCredKerberos OBJECT IDENTIFIER ::= { ipsAuthObjects 9 }

   -- Credential Kerberos-Specific Attributes Table

   -- Kerberos-specific part of a credential; one row per credential
   -- row whose method is Kerberos.
   -- NOTE(review): the last sentence of the DESCRIPTION quotes the
   -- value as 'ipsAuthMethodKerb'.  The identity registered under
   -- ipsAuthMethodTypes is ipsAuthMethodKerberos, which the first
   -- sentence uses.  Text kept as published.
   ipsAuthCredKerbAttributesTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF IpsAuthCredKerbAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A list of Kerberos attributes for credentials that
           use ipsAuthMethodKerberos as their ipsAuthCredAuthMethod.

           A row in this table can only exist when an instance of
           the ipsAuthCredAuthMethod object exists (or is created
           simultaneously) having the same instance identifiers
           and a value of 'ipsAuthMethodKerb'."
   ::= { ipsAuthCredKerberos 1 }

   -- One row of Kerberos attributes, indexed by authorization
   -- instance, identity and credential (see the INDEX clause).
   -- Row creation is the management station's duty, while row
   -- deletion is the agent's duty, so a Kerberos credential can exist
   -- for a time without its attributes row.
   -- NOTE(review): an implementation would presumably want to treat a
   -- Kerberos credential that lacks this row as unusable rather than
   -- as matching any principal; confirm against the authorization
   -- logic.
   -- NOTE(review): the DESCRIPTION compares ipsAuthCredAuthMethod
   -- with ipsAuthCredKerberos, which this module defines as the
   -- subtree { ipsAuthObjects 9 }; the first paragraph names the
   -- method ipsAuthMethodKerberos.  Presumably the latter is meant.
   ipsAuthCredKerbAttributesEntry OBJECT-TYPE
       SYNTAX        IpsAuthCredKerbAttributesEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "An entry (row) containing management information
           applicable to a credential that uses
           ipsAuthMethodKerberos as its ipsAuthCredAuthMethod.

           When a row is created in ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
           management station must create a corresponding row
           in this table.

           When a row is deleted from ipsAuthCredentialAttributesTable
           with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
           agent must delete the corresponding row (if any) in
           this table."
       INDEX { ipsAuthInstIndex, ipsAuthIdentIndex, ipsAuthCredIndex }
   ::= { ipsAuthCredKerbAttributesTable  1 }

   -- Column layout of a Kerberos attributes row: the principal name,
   -- the row lifecycle control and the persistence class.  No key or
   -- password column is part of this row.
   IpsAuthCredKerbAttributesEntry ::= SEQUENCE {
       ipsAuthCredKerbPrincipal       SnmpAdminString,
       ipsAuthCredKerbRowStatus       RowStatus,
       ipsAuthCredKerbStorageType     StorageType
   }

   -- Kerberos principal associated with the credential, carried as
   -- an SnmpAdminString with no SIZE refinement in this clause.
   -- MAX-ACCESS is read-create: a reader learns which principal is
   -- configured, and a writer can change it.
   -- NOTE(review): no minimum length is stated here, so an agent
   -- would presumably want to reject an empty principal; confirm
   -- how the implementation validates this value on SET.
   ipsAuthCredKerbPrincipal OBJECT-TYPE
       SYNTAX        SnmpAdminString
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "A character string containing a Kerberos principal
           for this credential."
       REFERENCE
           "C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
           The Kerberos Network Authentication Service (V5),
           July 2005"
   ::= { ipsAuthCredKerbAttributesEntry 1 }

   -- Row lifecycle control for a Kerberos attributes row.
   -- MAX-ACCESS is read-create, so an SNMP SET can create or destroy
   -- the row.  The DESCRIPTION also allows ipsAuthCredKerbPrincipal
   -- to be rewritten while the row is 'active', so the principal
   -- bound to a credential can change in place.
   -- NOTE(review): write access to this column is best limited to
   -- authenticated, access-controlled SNMP principals, and changes
   -- to it are worth logging.
   ipsAuthCredKerbRowStatus OBJECT-TYPE
       SYNTAX        RowStatus
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This field allows entries to be dynamically added and
           removed from this table via SNMP.  When adding a row to
           this table, all non-Index/RowStatus objects must be set.
           Rows may be discarded using RowStatus.  The value of
           ipsAuthCredKerbPrincipal may be changed while this row
           is 'active'."
   ::= { ipsAuthCredKerbAttributesEntry 2 }

   -- Persistence class of a Kerberos attributes row.
   -- DEFVAL is nonVolatile, so a row created without an explicit
   -- value is kept across agent restarts (StorageType semantics
   -- from SNMPv2-TC).  Rows provisioned outside SNMP may show up as
   -- readOnly or permanent, per the DESCRIPTION.
   ipsAuthCredKerbStorageType OBJECT-TYPE
       SYNTAX        StorageType
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "The storage type for all read-create objects in this row.
            Rows in this table that were created through an external
            process may have a storage type of readOnly or permanent.
            Conceptual rows having the value 'permanent' need not
            allow write access to any columnar objects in the row."
       DEFVAL        { nonVolatile }
   ::= { ipsAuthCredKerbAttributesEntry 3 }

   --******************************************************************
   -- Notifications

   -- There are no notifications necessary in this MIB module.
   --******************************************************************

   -- Conformance Statements

   -- Anchors under ipsAuthConformance: sub-identifier 1 holds the
   -- compliance statement (ipsAuthComplianceV1), sub-identifier 2
   -- holds the OBJECT-GROUP definitions.
   ipsAuthCompliances OBJECT IDENTIFIER ::= { ipsAuthConformance 1 }
   ipsAuthGroups      OBJECT IDENTIFIER ::= { ipsAuthConformance 2 }

   -- Conformance group for the per-instance objects.  Listed under
   -- MANDATORY-GROUPS in ipsAuthComplianceV1.
   ipsAuthInstanceAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthInstDescr,
           ipsAuthInstStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           authorization instances."
   ::= { ipsAuthGroups 1 }

   -- Conformance group for the user identity objects.  Listed under
   -- MANDATORY-GROUPS in ipsAuthComplianceV1.
   ipsAuthIdentAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthIdentDescription,
           ipsAuthIdentRowStatus,
           ipsAuthIdentStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           user identities within an authorization instance."
   ::= { ipsAuthGroups 2 }

   -- Conformance group for identity names.  Conditionally mandatory
   -- in ipsAuthComplianceV1 for implementations that use unique
   -- identity names.
   ipsAuthIdentNameAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthIdentName,
           ipsAuthIdentNameRowStatus,
           ipsAuthIdentNameStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           user names within user identities within an authorization
           instance."
   ::= { ipsAuthGroups 3 }

   -- Conformance group for identity address ranges (type, start and
   -- end of range).  Conditionally mandatory in ipsAuthComplianceV1
   -- for implementations that use addresses to help verify
   -- identities.
   ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthIdentAddrType,
           ipsAuthIdentAddrStart,
           ipsAuthIdentAddrEnd,
           ipsAuthIdentAddrRowStatus,
           ipsAuthIdentAddrStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           address ranges within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 4 }

   -- Conformance group for the generic credential objects, including
   -- the authentication method selector.  Conditionally mandatory in
   -- ipsAuthComplianceV1, and required whenever the CHAP, SRP or
   -- Kerberos group is implemented.
   ipsAuthIdentCredAttributesGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredAuthMethod,
           ipsAuthCredRowStatus,
           ipsAuthCredStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           credentials within user identities within an authorization
           instance."
   ::= { ipsAuthGroups 5 }

   -- Conformance group for CHAP credential attributes.  Only the
   -- user name, row status and storage type are listed; no secret
   -- object is part of this group.
   ipsAuthIdentChapAttrGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredChapUserName,
           ipsAuthCredChapRowStatus,
           ipsAuthCredChapStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           CHAP credentials within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 6 }

   -- Conformance group for SRP credential attributes.  Only the
   -- user name, row status and storage type are listed; no verifier
   -- or password object is part of this group.
   ipsAuthIdentSrpAttrGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredSrpUserName,
           ipsAuthCredSrpRowStatus,
           ipsAuthCredSrpStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           SRP credentials within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 7 }

   -- Conformance group for Kerberos credential attributes.  Only the
   -- principal, row status and storage type are listed; no key
   -- object is part of this group.
   ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
       OBJECTS {
           ipsAuthCredKerbPrincipal,
           ipsAuthCredKerbRowStatus,
           ipsAuthCredKerbStorageType
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing information about
           Kerberos credentials within user identities within an
           authorization instance."
   ::= { ipsAuthGroups 8 }

   --******************************************************************

   -- Compliance statement for this module.  Two groups are mandatory
   -- (instance and identity); six more are conditionally mandatory.
   -- Every OBJECT refinement below lowers MIN-ACCESS to read-only,
   -- and the RowStatus refinements restrict the syntax to active(1),
   -- so an agent that accepts no SNMP SET on these objects can still
   -- claim compliance.  Deployments that only need to monitor the
   -- authorization data can therefore leave write access disabled.
   -- NOTE(review): the DESCRIPTION lists "Certificate" among the
   -- optional groups, but no certificate group appears in the GROUP
   -- clauses of this statement, which cover Name, Address,
   -- Credential, CHAP, SRP and Kerberos.
   -- NOTE(review): only ipsAuthInstStorageType has a MIN-ACCESS
   -- refinement among the StorageType objects.  The other StorageType
   -- columns named in the groups (for example
   -- ipsAuthCredSrpStorageType and ipsAuthCredKerbStorageType, both
   -- read-create) have none, so as written a compliant agent would
   -- presumably have to support their full MAX-ACCESS; confirm
   -- whether that is intended.
   ipsAuthComplianceV1 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "Initial version of compliance statement based on
           initial version of this MIB module.

           The Instance and Identity groups are mandatory;
           at least one of the other groups (Name, Address,
           Credential, Certificate) is also mandatory for
           any given implementation."
       MODULE       -- this module
       MANDATORY-GROUPS {
           ipsAuthInstanceAttributesGroup,
           ipsAuthIdentAttributesGroup
       }

       -- Conditionally mandatory groups to be included with
       -- the mandatory groups when necessary.

       GROUP ipsAuthIdentNameAttributesGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that make use of unique identity names."

       GROUP ipsAuthIdentAddrAttributesGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use addresses to help verify identities."

       GROUP ipsAuthIdentCredAttributesGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use credentials to help verify identities."

       GROUP ipsAuthIdentChapAttrGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use CHAP to help verify identities.

           The ipsAuthIdentCredAttributesGroup must be
           implemented if this group is implemented."

       GROUP ipsAuthIdentSrpAttrGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use SRP to help verify identities.

           The ipsAuthIdentCredAttributesGroup must be
           implemented if this group is implemented."

       GROUP ipsAuthIdentKerberosAttrGroup
       DESCRIPTION
           "This group is mandatory for all implementations
           that use Kerberos to help verify identities.

           The ipsAuthIdentCredAttributesGroup must be
           implemented if this group is implemented."

       -- Per-object refinements: each one makes write access optional.

       OBJECT ipsAuthInstDescr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthInstStorageType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentDescription
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthIdentName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentNameRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthIdentAddrType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentAddrStart
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentAddrEnd
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthIdentAddrRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredAuthMethod
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredChapUserName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredChapRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredSrpUserName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredSrpRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the
           six enumerated values for the RowStatus textual
           convention need be supported, specifically:
           active(1)."

       OBJECT ipsAuthCredKerbPrincipal
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT ipsAuthCredKerbRowStatus
       SYNTAX INTEGER { active(1) } -- subset of RowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required, and only one of the six
           enumerated values for the RowStatus textual convention need
           be supported, specifically:  active(1)."

   ::= { ipsAuthCompliances 1 }

   END