NAME
acl.pty - access control configuration for SNMPv2 entities
SYNOPSIS
Target Subject Resources Privileges StorageType
DESCRIPTION
The configuration file acl.pty is one of several configuration files required by the SNMPv2 entities. The default location of acl.pty is /etc/opt/snm/agent or /etc/opt/snm/manager for Solaris 2.x and /etc/snm/agent or /etc/snm/manager for Solaris 1.x, but can be specified by the environment variables SR_AGT_CONF_DIR and SR_MGR_CONF_DIR.
The acl.pty file defines information for the Access Control List (ACL) table, which in turn contains information about the access privileges for the target-party/subject-party pair. There must be one entry for every intended target that defines the access privileges for the target and subject in their SNMPv2 context.
In other words, for every agent and manager that will be communicating with each other, there must be an entry in the acl.pty file that, along with a corresponding entry in the context.pty file, defines the access privileges for the two entities. See context.pty(5) for more information on the context.
Each entry in the file consists of one line:
Target Subject Resources Privileges StorageType
where
Target
represents the target party for this ACL entry. This index must match the partyIndex of an entry in the party table, agt.pty. This party's performance of management operations is constrained by the set of access privileges for this entry (see Privileges below).
Note: The partyAuthProtocol value for this party must be the same as the one for the Subject party in the party table. In other words, the target and the subject parties must have equivalent PartyDiscriminator types in the agt.pty records. See the PartyDiscriminator description in agt.pty(5) for an explanation of the types. The party table entries are discussed further in agt.pty(5) and in the Party MIB RFC, RFC1447. This field is an integer.
Subject
similar to Target, represents the subject party for this ACL entry. This index must match the partyIndex of an entry in the party table, agt.pty. This party's performance of management operations is constrained by the set of access privileges for this entry (see Privileges below).
Note: The partyAuthProtocol value for this party must be the same as the one for the Target party in the party table. In other words, the target and the subject parties must have equivalent PartyDiscriminator types in the agt.pty records. See the PartyDiscriminator description in agt.pty(5) for an explanation of the types. The party table entries are discussed further in agt.pty(5) and in the Party MIB RFC, RFC1447. This field is an integer.
Resources
represents the context for this ACL entry. This index must match the contextIndex of an entry in the context table, context.pty. See context.pty(5) for more information on context entries.
Privileges
represents the value that governs what management operations a particular target party can perform on behalf of the subject (source) party. This field may have a value ranging from 0 to 255. This value is a sum of values, each of which represents a management operation.
Possible values are:
According to RFC1447,
EXAMPLE
An example acl.pty entry might be
1 2 1 43 nonVolatile
which defines this entry as follows:
Target
The party entry with partyIndex of 1 is the destination (or target).
Subject
The party entry with partyIndex of 2 is the source (or subject).
Resources
The context entry that has a contextIndex of 1 is the SNMPv2 context.
Privileges
The entity would expect to be able to perform get, get-next, get-bulk, and set requests with this ACL entry.
StorageType
Store this entry in non-volatile memory, e.g. NVRAM.
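Added example (not part of the original manual page or of the SNMP entity's own code): a small Python auditor that parses acl.pty entries and decodes the Privileges sum into operations, flagging entries that grant set. The bit values are taken from the aclPrivileges definition in RFC1447 rather than from this page, and the second sample line is constructed.

```python
from typing import NamedTuple

# aclPrivileges bit values per RFC1447 (assumption: not listed on this page).
PRIVILEGE_BITS = {1: "get", 2: "get-next", 4: "response", 8: "set",
                  32: "get-bulk", 64: "inform", 128: "snmpv2-trap"}
SET_BIT = 8
RESERVED_BIT = 16  # marked unused in RFC1447

# First line is the page's example; the second is constructed for illustration.
SAMPLE = ["1 2 1 43 nonVolatile", "2 1 1 132 nonVolatile"]


class AclEntry(NamedTuple):
    target: int
    subject: int
    resources: int
    privileges: int
    storage_type: str


def parse_acl_line(line: str) -> AclEntry:
    """Parse one 'Target Subject Resources Privileges StorageType' entry."""
    fields = line.split()
    if len(fields) != 5:
        raise ValueError(f"expected 5 fields, got {len(fields)}: {line!r}")
    target, subject, resources, privileges = (int(f) for f in fields[:4])
    if not 0 <= privileges <= 255:
        raise ValueError(f"Privileges out of range 0-255: {privileges}")
    return AclEntry(target, subject, resources, privileges, fields[4])


def decode_privileges(value: int) -> list:
    """Return the operation names whose bits are set in a Privileges value."""
    return [name for bit, name in PRIVILEGE_BITS.items() if value & bit]


def audit(lines):
    """Yield (entry, operations, warnings) for each non-blank entry line."""
    for line in lines:
        if not line.strip():
            continue
        entry = parse_acl_line(line)
        warnings = []
        if entry.privileges & SET_BIT:
            warnings.append("grants set (write access)")
        if entry.privileges & RESERVED_BIT:
            warnings.append("reserved bit 16 is set")
        yield entry, decode_privileges(entry.privileges), warnings
```

Each Target and Subject index reported here still has to be checked against agt.pty, and each Resources index against context.pty, as described above.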
FILES
Additional SNMPv2 Configuration Files
When the agent is compiled with either SNMPv2 or both SNMPv1 and SNMPv2 defined, the configuration files acl.pty, agt.pty, context.pty, snmpv2d.conf and view.pty are required for the agent side, and acl.pty, context.pty, mgr.cnf, mgr.pty, and view.pty are required for the manager side.
acl.pty
Access control privileges for the SNMPv2 parties.
agt.pty
Initial party table information for the agent.
context.pty
Context information for the SNMPv2 parties.
mgr.cnf
Configuration information for the managers.
mgr.pty
Initial party table information for the managers.
snmpv2d.conf
Configuration information for the SNMPv1 entities.
view.pty
MIB view information for the SNMPv2 parties.
For Solaris 2.x, the files are located under:
/etc/snm/{agent,manager}/acl.pty
/etc/snm/agent/agt.pty
/etc/snm/{agent,manager}/context.pty
/etc/snm/agent/snmpv2d.conf
/etc/snm/{agent,manager}/view.pty
For Solaris 1.x, the files are located under:
/etc/snm/{agent,manager}/acl.pty
/etc/snm/agent/agt.pty
/etc/snm/{agent,manager}/context.pty
/etc/snm/agent/snmpv2d.conf
/etc/snm/{agent,manager}/view.pty
SEE ALSO
v2install(1), agt.pty(5), context.pty(5), mgr.cnf(5), mgr.pty(5), snmpv2d.conf(5), view.pty(5), SNMP RFCs (RFC1155, RFC1157, RFC1212, RFC1213, RFC1215, RFCs 1441-1452)