NAME
mgr.pty - party configuration for SNMPv2 managers
SYNOPSIS
PartyName PartyDiscriminator
TDomain TAddress Port Lifetime MaxMsgSize partyIndex partyStorageType partyLocal partyAuthClock
AuthPublicSecret | -
AuthPrivateSecret | -
PrivPublicSecret | -
PrivPrivateSecret | -
DESCRIPTION
The configuration file mgr.pty is one of several configuration files required by the SNMPv2 entities. The default location of mgr.pty is /etc/opt/snm/manager for Solaris 2.x and /etc/snm/manager for Solaris 1.x, but the directory can be overridden with the environment variable SR_MGR_CONF_DIR.
The mgr.pty file is similar to the agt.pty(5) file used by agents; it defines the party table entries for the parties associated with the managers.
Each entry in the file consists of 7 lines:
PartyName PartyDiscriminator
TDomain TAddress Port Lifetime MaxMsgSize partyIndex partyStorageType partyLocal partyAuthClock
AuthPublicSecret | -
AuthPrivateSecret | -
PrivPublicSecret | -
PrivPrivateSecret | -
where
PartyName
is a unique name for the party.
This field is required and must map to an OID in the MIB.
PartyDiscriminator
defines the authentication protocol to be used by this party:
1 or 2 defines this party as noauth/nopriv
3 or 4 defines this party as auth/nopriv
5 or 6 defines this party as auth/priv
This field is an integer and must be present for SNMPv2 parties. If the corresponding TDomain is rfc1157Domain, this field is ignored. However, a value must be present, and an entry of 1 would be reasonable.
TDomain
defines the transport domain for the party. There are two valid entries for the TDomain:
rfc1157Domain - indicates this is a SNMPv1 community entry in the party table.
snmpUDPDomain - indicates this is a SNMPv2 party entry.
Note: A party can be rfc1157Domain only if the entity is a bilingual entity, i. e., understands both SNMPv1 and SNMPv2. This file is not consulted when the entity is compiled to be SNMPv1 only.
TAddress
used in conjunction with the Port field to define the destination address.
This field must be present and is an IP address in dotted decimal form, e. g., 128.169.4.4.
Port
used in conjunction with the TAddress field to define the destination address.
This field must be present and is an integer.
partyIndex
used by the aclTable to match a party entry with its access privileges.
Note: This must be a unique value for each party table entry.
This field is an integer in the range of 1 to 65535, inclusive.
partyStorageType
indicates the storage type for this row in the party table. Possible values are:
other
volatile
nonVolatile
permanent
According to RFC1447,
· volatile is lost upon reboot, e. g., in RAM,
· nonVolatile is backed up by stable storage, e. g., in NVRAM,
· permanent cannot be changed or deleted, e. g., in ROM,
and "other" is provided in the unlikely event that someone will find a need for a storage type not covered by the other three.
This field is a case-sensitive string corresponding to one of the above values.
partyLocal
When TDomain is rfc1157Domain, this field is ignored. When TDomain is snmpUDPDomain, it indicates whether this party represents the "local" end of a transmission. This field has two possible values:
true: it is "local,"
false: it is not "local."
Note: When the party is "not local" and the TDomain is snmpUDPDomain (i. e., SNMPv2), the TAddress and Port may be used either by a proxy entity to determine which address/port pair should receive proxy requests, or to indicate which address/port pair should receive traps.
This field is required (whether representing a SNMPv1 or SNMPv2 party) and is a case-sensitive string corresponding to one of the above values.
Note: When the TDomain indicates a SNMPv2 party, the term "local" does not mean local in the sense of location or address, but rather in the sense of origin. On outgoing packets, the source party must be a "local" party - one representing the local entity as the source of the packet; on incoming packets, the source party must be a "remote" party - one representing a valid source party for sending packets to the local entity. In this sense, local means representing the local entity. "Non-local" or "remote" parties are ones that are logically remote to the entity, i. e., the source party of an incoming packet - the party that sent the packet - and the destination party of an outgoing packet - the party that will be receiving the packet at the other end of the transmission. In other words, packets are received from and sent to "non-local" (or remote) parties, and packets are sent from and received by local parties.
Note: Entries that are "shared" with another entity will have opposite partyLocal fields. For instance, an entry for a local party ( partyLocal = true ) in the agent's party file would be configured as a non-local party ( partyLocal = false ) in the manager's party file.
partyAuthClock
defines the current notion of time for the entity. On startup a pre-defined adjustment, TIME_WARP in secure.h, is added to this value, unless the resulting value would exceed the maximum possible time. This is done to help prevent replay attacks across reboots. This field is an integer in the range 0 to 4294967295, inclusive. A perfectly valid initial value is 0; the security software should adjust and "synch" clocks once everything is up and running.
AuthPublicSecret
is unused by the entity at this time. It will represent the "secret" as a series of hexadecimal numbers, each two-digit number representing the ASCII value of the corresponding character in the string. A value of - represents the null string. The string can range from 0 to 16 bytes.
Note: This field should be null ( - ) for now.
AuthPrivateSecret
represents the "secret" string for the authentication protocol. The secret is stored as a series of hexadecimal numbers; each two-digit number is the ASCII value of the corresponding character in the string. A value of - represents the null string. The string can range from 0 to 16 bytes, depending on the TDomain:
If the party is an auth/nopriv or auth/priv party, this field must have a length of 16 bytes (i. e., 16 hexadecimal numbers in the configuration file). Both digits of each number must be represented; in other words, 1 would be entered as 01.
If the corresponding TDomain field is equal to rfc1157Domain, this field contains a community string name as an encoded string of characters and can be any length. For example, if using the community name public the entry would be "70 75 62 6c 69 63". The command
echo string | od -x
is very useful for acquiring the correct encoding. Note that od -x prints 16-bit words rather than single bytes, and echo appends a newline (0a) that must not be copied into the entry; where od supports it, printf '%s' string | od -A n -t x1 prints exactly one two-digit number per byte.
It would be practical, but not necessary, to mirror entries in the snmpv2d.conf(5) file.
Note: Valid only when the PartyDiscriminator indicates authentication (i. e., PartyDiscriminator > 2), or the TDomain indicates a SNMPv1 community.
PrivPublicSecret
is unused by the entity at this time. It will store the "secret" as a series of hexadecimal numbers, each two-digit number representing the ASCII value of the corresponding character in the string. A value of - represents the null string. The string can range from 0 to 16 bytes.
Note: This field should be null ( - ) for now.
PrivPrivateSecret
represents the "secret" string for the privacy protocol. The secret is stored as a series of hexadecimal numbers; each two-digit number is the ASCII value of the corresponding character in the string. A value of - represents the null string.
If the party is an auth/priv party, this field must have a length of 16 bytes (i. e., 16 hexadecimal numbers in the configuration file). Both digits of each number must be represented; in other words, 1 would be entered as 01.
Note: Valid only when the PartyDiscriminator indicates privacy (i. e., PartyDiscriminator > 4).
EXAMPLES
The party table entry:
initialPartyId.192.147.142.16.1 3
snmpUDPDomain 192.147.142.16 161 300 1458 1 nonVolatile false 0
-
74 68 69 73 74 68 69 73 74 68 69 73 74 68 69 34
-
-
defines a party as follows:
The name of this party is initialPartyId.192.147.142.16.1, and it is an auth/nopriv party.
TDomain is snmpUDPDomain, indicating this is a SNMPv2 party.
TAddress and Port fields indicate traps or proxy messages will be sent to 192.147.142.16/161.
The Lifetime of the message is set to 300, indicating that the message will be valid as long as it is received by the target at a time greater than the target's idea of "now" minus 300 seconds.
The message can be no longer than 1458 bytes.
The unique party index is 1.
Store this party in non-volatile storage (e. g., NVRAM).
This party is not local to the SNMPv2 entity.
The initial clock will be 0 plus TIME_WARP.
The AuthPublicSecret is unused, so there is a null string for its value.
The AuthPrivateSecret is initialized to
74 68 69 73 74 68 69 73 74 68 69 73 74 68 69 34 which decodes to thisthisthisthi4.
The PrivPublicSecret is unused, so there is a null string for its value.
Since the PartyDiscriminator indicates nopriv, the PrivPrivateSecret is unused, and there is a null string for its value.
Example of a Community Entry
The party table entry:
# public
initialPartyId.192.147.142.16.31 1
rfc1157Domain 192.147.142.16 162 300 1458 31 nonVolatile true 0
-
70 75 62 6c 69 63
-
-
defines a party as follows:
The name of this party is initialPartyId.192.147.142.16.31.
The partyLocal field is ignored since this is a community, but a value must be present.
The TAddress and Port fields indicate the destination address is port 162 at IP address 192.147.142.16.
The Lifetime is unused since this is a community record, but a value must be present.
The message can be no longer than 1458 bytes.
The unique party index is 31.
Store this party in non-volatile storage (e. g., NVRAM).
The partyLocal and initial clock are both ignored since this is a SNMPv1 community, but there must be entries in those fields.
The AuthPublicSecret, PrivPublicSecret, and PrivPrivateSecret fields are also unused, and therefore null strings represent their values.
AuthPrivateSecret contains the community name: 70 75 62 6c 69 63, which decodes to public.
This entry may be mirrored in the snmpv2d.conf(5) file.
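The field rules given under DESCRIPTION (integer ranges, case-sensitive keywords, two-digit hex secrets, the 16-byte length required for auth and priv parties, and the community name carried in AuthPrivateSecret for rfc1157Domain entries) can be checked mechanically before an entity loads the file. The following is an added example written for this page, not code shipped with the SNMPv2 distribution; it assumes the entry layout shown under EXAMPLES (two header lines, then one line per secret field) and embeds the SNMPv2 party from the first example as sample input.

```python
import re

CHOICES = {"tdomain": {"rfc1157Domain", "snmpUDPDomain"}, "local": {"true", "false"},
           "storage": {"other", "volatile", "nonVolatile", "permanent"}}
RANGES = {"disc": (1, 6), "index": (1, 65535), "clock": (0, 4294967295)}
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")
EXAMPLE_V2 = """initialPartyId.192.147.142.16.1 3
snmpUDPDomain 192.147.142.16 161 300 1458 1 nonVolatile false 0
-
74 68 69 73 74 68 69 73 74 68 69 73 74 68 69 34
-
-"""

def decode_secret(field):  # '-' is the null string; else two-digit hex bytes (01, never 1)
    tokens = field.split()
    if tokens == ["-"]:
        return b""
    if not tokens or not all(HEX_BYTE.match(t) for t in tokens):
        raise ValueError("bad secret field: %r" % field)
    return bytes(int(t, 16) for t in tokens)

def parse_entry(text):  # one entry: two header lines, then one line per secret field
    lines = [l for l in text.strip().splitlines() if not l.lstrip().startswith("#")]
    if len(lines) != 6:
        raise ValueError("expected 6 non-comment lines, got %d" % len(lines))
    name, disc = lines[0].split()
    tdom, taddr, port, life, maxmsg, idx, storage, local, clock = lines[1].split()
    e = {"name": name, "disc": int(disc), "tdomain": tdom, "taddr": taddr,
         "port": int(port), "lifetime": int(life), "maxmsg": int(maxmsg),
         "index": int(idx), "storage": storage, "local": local, "clock": int(clock)}
    for key, line in zip(("auth_pub", "auth_priv", "priv_pub", "priv_priv"), lines[2:]):
        e[key] = decode_secret(line)
    return e

def check_entry(e):  # returns the DESCRIPTION constraints violated (empty list = ok)
    p = []
    for key, (lo, hi) in RANGES.items():
        if not lo <= e[key] <= hi:
            p.append("%s must be %d..%d" % (key, lo, hi))
    for key, allowed in CHOICES.items():
        if e[key] not in allowed:
            p.append("%s must be one of %s (case-sensitive)" % (key, sorted(allowed)))
    if e["tdomain"] == "snmpUDPDomain":
        if e["disc"] > 2 and len(e["auth_priv"]) != 16:
            p.append("auth party needs a 16-byte AuthPrivateSecret")
        if e["disc"] > 4 and len(e["priv_priv"]) != 16:
            p.append("auth/priv party needs a 16-byte PrivPrivateSecret")
    elif not e["auth_priv"]:
        p.append("community entry needs the community name in AuthPrivateSecret")
    return p
```

Uniqueness of partyIndex across the whole file is not checked here; collect the index of every parsed entry and reject duplicates when validating a complete mgr.pty.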
FILES
Additional SNMPv2 Configuration Files
When the entity is compiled with either SNMPv2 or both SNMPv1 and SNMPv2 defined (bilingual), the configuration files acl.pty, context.pty, mgr.cnf, and view.pty are required.
acl.pty
Access control privileges for the SNMPv2 parties.
context.pty
Context information for the SNMPv2 parties.
mgr.cnf
Clustername configurations for the managers.
view.pty
MIB view information for the SNMPv2 parties.
For Solaris 2.x, the files are located under:
/etc/opt/snm/manager/acl.pty
/etc/opt/snm/manager/context.pty
/etc/opt/snm/manager/manager.cnf
/etc/opt/snm/manager/manager.pty
/etc/opt/snm/manager/view.pty
For Solaris 1.x, the files are located under:
/etc/snm/manager/acl.pty
/etc/snm/manager/context.pty
/etc/snm/manager/manager.cnf
/etc/snm/manager/manager.pty
/etc/snm/manager/view.pty
SEE ALSO
v2install(1), acl.pty(5), agt.pty(5), context.pty(5), mgr.cnf(5), snmpv2d.conf(5), view.pty(5),
SNMP RFCs (RFC1155 RFC1157 RFC1212 RFC1213 RFC1215, RFCs 1441-1452)