    USEC-MIB DEFINITIONS ::= BEGIN

    IMPORTS
--        MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, UInteger32
	snmpModules
            FROM SNMPv2-SMI
        RowStatus, TestAndIncr, RowPointer
             FROM SNMPv2-TC
        KeyChange, MemoryType, TransportLabel, AuthName, SnmpID
             FROM V2ADMIN-MIB
        MODULE-COMPLIANCE, OBJECT-GROUP
            FROM SNMPv2-CONF;


    usecMIB MODULE-IDENTITY
        LAST-UPDATED "9508121700"
        ORGANIZATION "IETF SNMPv2 Working Group"
        CONTACT-INFO "snmpv2@tis.com
                     Complete contact information to be provided."
        DESCRIPTION
              "The MIB module for configuring the USEC security and privacy
              services."
        ::= { snmpModules 1135 }

    --
    -- The usecScalars group.  This group contains objects which provide
    -- time synchronization for the USEC authentication service.
    --
    usecScalars OBJECT IDENTIFIER ::= { usecMIB 1 }

    snmpBoots OBJECT-TYPE
        SYNTAX       Integer32 (-1..2147483647)
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
              "The number of times the management system on a device has
              been re-initialized since its initial configuration."
        ::= { usecScalars 1 }

    snmpTime OBJECT-TYPE
        SYNTAX       Integer32 (0..2147483647)
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION











              "The number of seconds since the SNMPv2 protocol entity
              last incremented the snmpBoots object."
        ::= { usecScalars 2 }





















































    --
    -- The usecStats group.  This group contains objects which provide
    -- statistics for the USEC security and privacy services.
    --

    usecStats OBJECT IDENTIFIER ::= { usecMIB 2 }

    usecStatsNotInTimeWindows OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
              "A count of the number of packets that were deemed
              unauthentic due to the authSnmpBoots or authSnmpTime values
              being out of lifetime."
        ::= { usecStats 1 }

    usecStatsUnknownUserNames OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
              "A count of the number of packets containing an SPI
              associated with usecNoAuth(4), usecAuth(5), or usecPriv(6),
              but whose userNames were not found in the
              userNameTable."
        ::= { usecStats 2 }

    usecStatsWrongDigestValues OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
              "A count of the number of packets that were deemed
              unauthentic due to the digest value being incorrect."
        ::= { usecStats 3 }

    usecStatsBadPrivacys OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
              "A count of the number of packets received which were
              encrypted incorrectly."
        ::= { usecStats 4 }











    --
    -- The usecUser group
    --

    usecUser OBJECT IDENTIFIER ::= { usecMIB 3 }

    userSpinLock OBJECT-TYPE
        SYNTAX       TestAndIncr
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
              "An advisory lock used to allow several cooperating SNMPv2
              entities, all acting in a manager role, to coordinate their
              use of SNMPv2 set operations to entries in the userNameTable.
              A manager application should include the value of
              userSpinLock in every set operation which accesses the
              userNameTable.  Since this is an advisory lock, entities
              acting in an agent role do not enforce the use of
              userSpinLock."
        ::= { usecUser 1 }

    maxUserNameLength OBJECT-TYPE
        SYNTAX       Integer32 (0..255)
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
              "The maximum length of userName allowed by this implementation.
              This value can be probed by a management application prior
              to attempting a row creation operation in the userNameTable.
              A value of 0 indicates that the userNameTable does not allow
              row creation or deletion operations."
        ::= { usecUser 2 }

    --
    -- The userNameTable contains the database of users who are configured to
    -- perform SNMP communications via the Usec authentication and privacy service.
    -- These users are organized into 'groups'.
    -- The group to which a user belongs is specified in the userGroupName
    -- object.
    --
    -- Access privileges are assigned in the acTable [@ref adminmib] by group.
    -- This allows groups of users to share the same privileges, or for individual
    -- users to have their own unique privileges.
    --
    -- In order to ease the task of configuring SNMPv2 entities, many of the











    -- indices used in the following table are textual (human-readable) strings.
    -- Experience has shown that it is often necessary for a network administrator
    -- to manually edit the configuration datastore for an SNMPv2 entities.
    -- Use of textual strings for indices makes the configuration datastore much
    -- easier for an administrator to maintain.
    -- An implementation may restrict the lengths of userName and userGroupName
    -- entries to less than the maximum value.
    -- The maxUserNameLength variable and maxGroupNameLength [@ref adminmib]
    -- variables can be used to detect the maximum length of name strings
    -- supported by a particular implementation.

    userNameTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF UserNameEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
              "The SNMPv2 database for usecNoAuth(4), usecAuth(5), and
              usecPriv(6) users."
        ::= { usecUser 3 }

    userNameEntry OBJECT-TYPE
        SYNTAX       UserNameEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
              "Information about a particular SNMPv2 user."
        INDEX { userAuthSnmpID, IMPLIED userName }
        ::= { userNameTable 1 }

    UserNameEntry ::= SEQUENCE {
        userAuthSnmpID       SnmpID,
        userName             AuthName,
        userGroupName        AuthName,
        userAuthChange       KeyChange,
        userPrivChange       KeyChange,
        userNovel            OCTET STRING,
        userTransportLabel   TransportLabel,
        userCloneFrom        RowPointer,
        userMemoryType       MemoryType,
        userStatus           RowStatus
    }

    userAuthSnmpID OBJECT-TYPE
        SYNTAX       SnmpID
        MAX-ACCESS   not-accessible











        STATUS       current
        DESCRIPTION
              "The node's administratively-unique identifier.

              In a simple agent, this value will always be equal to the
              agent's snmpID object.

              In a manager which does not send or receive inform requests,
              this value will be equal to the snmpID object of the
              agent with which this user can communicate.

              In a manager which sends or receives inform requests, this
              object will be equal to one of three things:
                  - The snmpID of the agent with which this user
                    can communicate.
                  - The snmpID of the manager's local protocol engine.
                  - The snmpID of a remote manager which this user
                    can send inform requests to or receive inform requests
                    from.

              In a dual-role entity, this value will be some combination
              of those specified for agents and managers above."
        ::= { userNameEntry 1 }

    userName OBJECT-TYPE
        SYNTAX       AuthName (SIZE(1..32))
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
              "This variable contains the textual name of a user."
        ::= { userNameEntry 2 }

    userGroupName OBJECT-TYPE
        SYNTAX       AuthName (SIZE(0..32))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
              "This variable contains the textual name of the group to
              which a user belongs."
        ::= { userNameEntry 3 }

    userAuthChange OBJECT-TYPE
        SYNTAX       KeyChange
        MAX-ACCESS   read-create
        STATUS       current











        DESCRIPTION
              "An object, which when modified, causes the user's secret
              authentication key to be modified via a one-way function.

              When creating a new user, it is an 'inconsistentName' error
              for a set operation to refer to this object unless it is
              previously or concurrently initialized through a set
              operation on the corresponding value of userCloneFrom."
         DEFVAL { ''H }     -- the empty string
         ::= { userNameEntry 4 }

    userPrivChange OBJECT-TYPE
        SYNTAX       KeyChange
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
              "An object, which when modified, causes the user's secret
              privacy key to be modified via a one-way function.

              When creating a new user, it is a 'inconsistentName' error
              for a set operation to refer to this object unless it is
              previously or concurrently initialized through a set
              operation on the corresponding value of userCloneFrom."
         DEFVAL { ''H }     -- the empty string
        ::= { userNameEntry 5 }

    userNovel OBJECT-TYPE
        SYNTAX       OCTET STRING (SIZE(0..20))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
              "This object may be used by a manager as a part of its
              procedure for altering secret information about a user.
              By altering the value of an instance of this object in
              the same SNMPv2 Set-Request used to update secret information,
              a subsequent Get-Request can determine if the Set-Request
              was successful in the event that no response to the
              Set-Request is received.

              When an instance of this object is created, its value is
              initialized to a random value.

              This object need not be stored in non-volatile storage and
              should be initialized to an unpredictable value upon system
              re-initialization."











         DEFVAL { ''H }     -- the empty string
        ::= { userNameEntry 6 }

    userTransportLabel OBJECT-TYPE
        SYNTAX       TransportLabel
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
              "This object specifies a set of transport endpoints from which
              an agent will accept management requests.  If a management
              request generated by this user is received on a transport
              endpoint other than the transport endpoints identified
              by this object, the request is deemed unauthentic.

              The transports identified by this object are specified in
              the transportTable.  Entries in the transportTable whose
              transportLabel value are equal to this object are identified.

              If the value of this object has zero-length, or if the
              transportTable is not implemented, then transport endpoints
              are not checked when authenticating messages generated
              by this user."
         DEFVAL { ''H }     -- the empty string
        ::= { userNameEntry 7 }

    userCloneFrom OBJECT-TYPE
        SYNTAX       RowPointer (SIZE(14..268))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
              "An indication of the user to clone authentication and privacy
              parameters from.  When read, the value { 0 0 } is returned.

              This object must be written exactly once, when the associated
              instance of userStatus either does not exist or has the
              value `notReady'.  Subsequent set operations to this object
              will succeed, but will not cause the agent to take any action.
              When first written, the value identifies an instance of
              a user, the cloning user, whose status column has the value
              'active' or 'not in service'.

              For implementations which support both authentication and
              privacy, the authentication and privacy secrets of the cloning
              user are copied to the corresponding authentication and
              privacy secrets of the user being created.











              For implementations which support only authentication, the
              authentication secret of the cloning user is copied to the
              corresponding authentication secret of the user being created.

              For implementations which support neither authentication nor
              privacy, this object has no effect (and need not be
              implemented)."
        ::= { userNameEntry 8 }

    userMemoryType OBJECT-TYPE
        SYNTAX       MemoryType
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
              "The storage type for this conceptual row in the userNameTable.

              Conceptual rows having the value 'permanent' must allow
              write-access at a minimum to:
              userAuthChange and userNovel for users employing
              authentication; and userPrivChange and userNovel
              for users employing privacy.

              Note that any user which employs authentication or privacy
              must allow its secrets to be updated and thus
              cannot be 'readOnly'."
        ::= { userNameEntry 9 }

    userStatus OBJECT-TYPE
        SYNTAX       RowStatus
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
              "The status of this conceptual row in the userNameTable.

              A user is not qualified for activation until instances of
              all columns of its userNameEntry row have an appropriate
              value.  In particular, one or more management set operations
              are required to configure the entry:

                  a value must be written to the user's userCloneFrom
                  object, and ... update of secrets

              Until instances of all corresponding columns and secrets are
              appropriately configured, the value of the corresponding
              instance of the userStatus column is `notReady'."











        ::= { userNameEntry 10 }























































    -- conformance information

    usecMIBConformance
                   OBJECT IDENTIFIER ::= { usecMIB 4 }
    usecMIBCompliances
                   OBJECT IDENTIFIER ::= { usecMIBConformance 1 }
    usecMIBGroups
                   OBJECT IDENTIFIER ::= { usecMIBConformance 2 }


    -- compliance statements

    usecMIBNoAuthCompliance MODULE-COMPLIANCE
        STATUS    current
        DESCRIPTION
              "The compliance statement for SNMPv2 entities which
              implement the SNMPv2 USEC MIB with no authentication
              or privacy protocols."

        MODULE  -- this module
            MANDATORY-GROUPS { usecNoAuthGroup }
        ::= { usecMIBCompliances 1 }

    usecMIBAuthCompliance MODULE-COMPLIANCE
        STATUS    current
        DESCRIPTION
              "The compliance statement for SNMPv2 entities which
              implement the SNMPv2 USEC MIB with authentication and
              no privacy protocols."

        MODULE  -- this module
            MANDATORY-GROUPS { usecNoAuthGroup, usecAuthGroup }

            OBJECT           userAuthChange
            MIN-ACCESS       read-only
            DESCRIPTION
                  "Write access is not required."

        ::= { usecMIBCompliances 2 }

    usecMIBPrivCompliance MODULE-COMPLIANCE
        STATUS    current
        DESCRIPTION
              "The compliance statement for SNMPv2 entities which
              implement the SNMPv2 USEC MIB with both authentication











              and privacy protocols."

        MODULE  -- this module
            MANDATORY-GROUPS { usecNoAuthGroup, usecAuthGroup, usecPrivGroup }

            OBJECT           userAuthChange
            MIN-ACCESS       read-only
            DESCRIPTION
                  "Write access is not required."

            OBJECT           userPrivChange
            MIN-ACCESS       read-only
            DESCRIPTION
                  "Write access is not required."

        ::= { usecMIBCompliances 3 }








































    -- units of conformance

    usecNoAuthGroup OBJECT-GROUP
        OBJECTS {
                 usecStatsNotInTimeWindows,
                 usecStatsUnknownUserNames,
                 usecStatsWrongDigestValues,
                 usecStatsBadPrivacys,
                 userSpinLock,
                 userAuthSnmpID,
                 userName,
                 userGroupName,
                 userTransportLabel,
                 userCloneFrom,
                 userMemoryType,
                 userStatus
                }
        STATUS    current
        DESCRIPTION

                "A collection of objects providing for configuration of an
                SNMPv2 agent which implements the SNMPv2 User-based Security
                Model."
        ::= { usecMIBGroups 1 }

    usecAuthGroup OBJECT-GROUP
        OBJECTS {
                 userAuthChange,
                 userNovel
                }
        STATUS    current
        DESCRIPTION
              "A collection of objects providing for configuration of an
              SNMPv2 agent which implements the SNMPv2 User-based Security
              Model."
        ::= { usecMIBGroups 2 }

    usecPrivGroup OBJECT-GROUP
        OBJECTS {
                 userPrivChange
                }
        STATUS    current
        DESCRIPTION
              "A collection of objects providing for configuration of an
              SNMPv2 agent which implements the SNMPv2 User-based Security











              Model."
        ::= { usecMIBGroups 3 }

END
