CHAPTER 2

Managing Security

This chapter explains how to create new Simple Network Management Protocol (SNMP) version 3 (v3) users to provide secure access to SMA. For SNMP version 1 (v1) and version 2 (v2c), the access control mechanism is the community_string. Refer to Chapter 2 of the Logical Domains (LDoms) 1.0.1 Administration Guide for complete information about providing security for logical domains.



Note - You create snmpv3 users in order to use the System Management Agent (SMA) in SNMP with the LDoms MIB. This type of user does not interact or conflict with users you might have set up using the Solaris OS Role-Based Access Control (RBAC) adapted for the Logical Domains Manager.




Creating SNMP Version 3 (v3) Users

This section explains how to create the first new snmpv3 user. See To Create the First New snmpv3 User. Additional users are cloned from this initial user, so that they inherit the initial user’s authentication and security types. These types can be changed later. You set secret key data for the user when you clone from the initial user. You must know the passwords for the initial user and later users that you set up. You can clone only one user at a time from the initial user. For more information, refer to the Solaris System Management Agent Administration Guide for your version of the Solaris OS.

To Create the First New snmpv3 User

This procedure describes using the net-snmp-config utility in SMA to create the first new user. The utility adds a line to the /etc/sma/snmp/snmpd.conf file, giving the initial user read and write access to the agent.

  1. Stop the System Management Agent.


    # svcadm disable -t svc:/application/management/sma:default
    

  2. Use the net-snmp-config utility to create the new user.


    # /usr/sfw/bin/net-snmp-config --create-snmpv3-user -a my_password newuser
    

    This command causes a new user to be created, named newuser, with a password you choose.



    Note - Passwords must contain at least eight characters.



  3. Start the System Management Agent.


    # svcadm enable svc:/application/management/sma:default
    

  4. Check whether the new user (newuser) exists.


    # snmpget -v 3 -u newuser -l authNoPriv -a MD5 -A my_password localhost sysUpTime.0
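
As an added example (not part of the original guide or of SMA), the following shell function audits an snmpd.conf after the procedure above: it lists each SNMPv3 user with its access and minimum security level, and reports any v1/v2c community directives still present. It assumes the file uses the standard net-snmp directives rwuser, rouser, rwcommunity and rocommunity; the sample configuration and the names in it are constructed.

```shell
#!/bin/sh
# Added example: audit access directives in a net-snmp style snmpd.conf.
# Output, one line per directive:
#   v3 <user> <rw|ro> <noauth|auth|priv>   SNMPv3 user and minimum level
#   community <rw|ro>                      v1/v2c community (value not printed)
audit_snmpd_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        $1 == "rwuser" || $1 == "rouser" {
            access = ($1 == "rwuser") ? "rw" : "ro"
            i = 2
            if ($i == "-s") i += 2              # optional "-s SECMODEL"
            user = $i
            level = $(i + 1)
            # net-snmp applies "auth" when the directive names no level
            if (level != "noauth" && level != "priv") level = "auth"
            print "v3", user, access, level
        }
        $1 == "rwcommunity" || $1 == "rocommunity" {
            access = ($1 == "rwcommunity") ? "rw" : "ro"
            print "community", access
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real system).
sample_conf() {
    cat <<'EOF'
# constructed sample
rocommunity example_community
rwuser newuser
rouser -s usm monitor priv
rwuser legacy noauth
EOF
}

# Audit the file given as the first argument, if any.
if [ $# -gt 0 ]; then
    audit_snmpd_conf "$1"
fi
```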
    

Creating Additional snmpv3 Users

The preferred method of creating additional new users in secure SNMP is to clone the initial user that you originally set up. Refer to Chapter 4 of the Solaris System Management Agent Administration Guide for your version of the Solaris OS. The procedure in that document, “To Create Additional SNMPv3 Users with Security,” copies the user you set up in To Create the First New snmpv3 User.