As you can see in Example 19–3 and Example 19–4, every user that has access to an agent is represented by a userEntry row in each of the agent's and the manager's security files. The example manager jdmk.security file is configured to send requests from aSecureUser to the agent, either with authentication only, or with privacy activated. The agent is configured to receive those requests.
You configure userEntry as follows, with the parameters separated commas:
userEntry=engine ID,user name,security name,authentication algorithm,authentication key, privacy algorithm,privacy key,storage type,template
The only mandatory parameters are the engine ID and the user name. All the other parameters are optional.
The possible values for the parameters are as follows:
A local or remote SNMP engine, defined in one of the following ways:
The string localEngineID, to denote the local engine
A hexadecimal string, as generated by EngineIdGenerator; for example, 0x8000002a05819dcb6e00001f95
A human readable string used to generate an engine ID, providing any or all of the host name, port and IANA number, as shown in 19.3.2 Generating SNMPv3 Engine IDs
Any human-readable string
Any human-readable string
The following algorithms are permitted:
usmHMACMD5AuthProtocol
usmHMACSHAAuthProtocol
usmNoAuthProtocol
Any text password or any hexadecimal key starting with 0x; for example, 0x0098768905AB67EFAA855A453B665B12, of size:
0 to 32 inclusive for HMACMD5
0 to 40 inclusive for HMACSHA
The following algorithms are permitted:
usmDESPrivProtocol
usmNoPrivProtocol
Any text password or any hexadecimal key starting with 0x; for example, 0x0098768905AB67EFAA855A453B665B12, of size 0 to 32 inclusive
If a hexadecimal string is provided, it must be a localized key
A value of 3 denotes non-volatile, meaning that the user entry is flushed in the security file; any other value than 3 will be rejected, throwing an IllegalArgumentException
Can be either true or false:
If true, the row is a template, not seen from USM MIB. This kind of user is used when cloning users.
The default is false.