Solaris System Management Agent Administration Guide

Procedure: To Create Additional SNMPv3 Users With Security

The preferred method of creating a new user in secure SNMP is to clone the initial user that you originally set up. This procedure copies the user you set up in "To Create a New SNMPv3 User". This procedure uses the snmpusm command described in "Using USM for Authentication and Message Privacy". For more information, see the snmpusm(1M) man page.

  1. Check whether the System Management Agent is running.


    # svcs svc:/application/management/sma:default
    

    If the agent is not running, start it.


    # svcadm enable svc:/application/management/sma:default
    
  2. Create a new user using the snmpusm command.


    # snmpusm -v 3 -u newuser -a MD5 -A my_password -l authNoPriv localhost create lee newuser
    

    This command creates a user named “lee”. This new user has the same password, my_password, as the source user, named “newuser”, that you created in "To Create a New SNMPv3 User".

  3. Change the new user's password.


    # snmpusm -v 3 -u lee -a MD5 -A my_password -l authNoPriv localhost passwd my_password lee_password
    

    This command gives the user lee a new password, lee_password. The default auth type is MD5.

  4. Create associated VACM entries either by directly editing the /etc/sma/snmp/snmpd.conf file or by using the snmpvacm command.

    If you are directly editing the snmpd.conf file, you must first temporarily stop the agent.


    # svcadm disable -t svc:/application/management/sma:default
    
  5. Assign access to lee.

    • To give lee read and write access, add a new rwuser line to the snmpd.conf file.


      rwuser lee
      
    • To give lee read-only access, add a new rouser line to the snmpd.conf file.


      rouser lee
      

    If you do not specify a security level, the System Management Agent defaults to authNoPriv. For more information, see the snmpd.conf(4) or snmpvacm(1M) man pages.

  6. Start the System Management Agent.


    # svcadm enable svc:/application/management/sma:default
    
  7. Check whether this procedure has been successful.

    Check whether your new user exists.


    # snmpget -v 3 -u lee -a MD5 -A lee_password -l authNoPriv localhost sysUpTime.0
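
To confirm that step 5 granted lee only the access you intended, you can list what each rouser and rwuser line in snmpd.conf grants, including the authNoPriv default that applies when no security level is given. The following script is an added example, not part of the original guide. The sample configuration is constructed, and the users admin and monitor are hypothetical.

```shell
#!/bin/sh
# Report the access granted by rouser/rwuser lines in an snmpd.conf file.
# Output: one "USER ACCESS LEVEL" line per directive.
# Reads the file named as the first argument, or standard input.

vacm_user_access() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "rouser" || $1 == "rwuser" {
            if ($2 == "") next                  # directive without a user
            access = ($1 == "rwuser") ? "read-write" : "read-only"
            level = $3                          # optional: noauth | auth | priv
            if (level == "" || level == "auth")
                level = "authNoPriv"            # default when omitted
            else if (level == "noauth")
                level = "noAuthNoPriv"
            else if (level == "priv")
                level = "authPriv"
            else
                level = "unknown(" level ")"
            print $2, access, level
        }
    ' "$@"
}

# Constructed sample configuration (not taken from the guide).
# "admin" and "monitor" are hypothetical users.
sample_conf() {
    cat <<'EOF'
# access control entries
rwuser newuser
rouser lee            # no level given, so authNoPriv applies
rwuser admin priv
rouser monitor noauth .1.3.6.1.2.1.1
#rwuser olduser
EOF
}

sample_conf | vacm_user_access
```

On a live system, run `vacm_user_access /etc/sma/snmp/snmpd.conf` instead of piping in the sample.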