HM2-USERMGMT-MIB: View SNMP OID List / Download MIB

Hirschmann User and Password Management MIB. Copyright (C) 2011. All Rights Reserved.

This notification is send when a new user is added to the hm2UserConfigTable.

This notification is send when a user is deleted from the hm2UserConfigTable.

This notification is send when a user is locked due to excessive failed login attempts.

This notification is send when a password for a user is changed.

This notification is send when the password policy for a user is changed.

User configuration table. This table provides the functionality the system uses for any interaction started by the user - authentication, encryption - changing authentication, password and access role for login purposes through Web, CLI, SSH, SNMPv3. For SNMPv3 the standard SNMPv3 authentication/encryption methods are used. To create a new user set hm2UserStatus to 'createAndWait, and set the corresponding objects to their values. Setting hm2UserStatus to 'active' activates the user. To delete a user, set hm2UserStatus to 'destroy'. Creating a new user in the hm2UserConfigTable always creates a new user in the SNMPv3 tables. The newly created SNMPv3 user will get the corresponding view in the SNMPv3 tables which matches to one of the given roles the user can have. All objects in this table can be set while a row is 'active'.

User configuration entry.

Agent user name.

Agent user password This object will always return '********' when read. The minimum size of the password is defined with the hm2PwdMgmtMinLength object. The user password can be set while the row is active.

Agent user's role. The user's role can be set while the row is active.

Displays whether the user account is locked due to excessive failed login attempts. If the user is locked out, the hm2UserLockoutStatus status is 'true'. Only a user with the administrator role can set this status back to 'false'.

Displays whether the user is allowed to change his own password. Only a user with the administrator role can set this value.

Displays whether the password policy check is enabled or not. The password policy check objects are defined in the hm2PwdMgmtGroup. Even if this object if set to 'disable' the size of a new password has to be at least the size of the hm2PwdMgmtMinLength object set. Only a user with the administrator role can set this value.

SNMPv3 user authentication. The user password must be set to a string greater than or equal to 8 characters for this to be set to anything but none(0). - hmacmd5(1) -> Use HMAC-MD5 authentication - hmacsha(2) -> Use HMAC-SHA authentication The user authentication type can be set while the row is active . Enumeration: 'hmacmd5': 1, 'hmacsha': 2.

SNMPv3 user encryption Can not be set to des(2) or aesCfb128(3) if hm2UserSnmpAuthenticationType is set to none(0). - none(0) -> no encryption used - des(1) -> DES encryption used - aesCfb128(2) -> AES-128 encryption used The user encryption type can be set while the row is active. Enumeration: 'none': 0, 'des': 1, 'aesCfb128': 2.

Agent user status. active(1) - This user account is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this user account.

Name of the last user created in hm2UserConfigTable.

Name of the last user deleted in hm2UserConfigTable.

Custom based role to name mapping.

The hm2UserCustomAccessRole2NameEntry.

Custom based roles.

Custom based role name.

Custom-based role to name command row status. active(1) - This user account is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this role to name entry.

Base access role from which the custom-based CLI commands are inherited from.

The hm2UserCustomCliCmdInheritEntry.

The base access role the new CLI command is inherited from.

Custom-based CLI base access role command row status. active(1) - This user account is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this role to name entry.

Table containing the custom-based CLI commands.

The entries of the table.

CLI exec mode.

Index of the custom based CLI commands.

The custom based CLI command to be assigned.

The custom based CLI command to be included or excluded in respect to the base role. Enumeration: 'included': 1, 'excluded': 2.

Custom-based CLI command row status. active(1) - This user account is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this CLI command entry.

Minimum length for user passwords All new local user passwords must be at least this many characters in length.

The number of allowable failed local authentication attempts before the user's account is locked. A value of '0' indicates that user accounts will never be locked.

The number of minimum allowable uppercase letters in a password. Minimum of '0' means no restriction on that set of characters.

The number of minimum allowable lowercase letters in a password. Minimum of '0' means no restriction on that set of characters.

The number of minimum allowable numeric numbers in a password. Minimum of '0' means no restriction on that set of characters.

The number of minimum allowable special characters in a password. Minimum of '0' means no restriction on that set of characters. The following special characters are allowed: !#$%&'()*+,-./:;<=>?@[\\]^_`{}~

Shows if one or more default passwords are active for users configured in the hm2UserConfigTable. The hm2PwdMgmtDefaultPwdStatusTable shows for which users the default password is currently actice.

Table showing for which users defined in hm2UserConfigTable the default password has not been changed.

Entry.

Index for the table.

The name of the default user for which the default password has not been changed.

This table provides the functionality the system uses to assign an authentication list to an application. All objects in this table can be set while a row is 'active'.

Application list entry.

Application list name.

The authentication list used for this application to authenticate to the system. The application authentication list can be set while the row is active.

Application row status. active(1) - This user account is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this application list entry.

The hm2UserAuthListTable holds up to 5 policies a user authenticates to the system.

The hm2UserAuthListEntry.

Authentication list index. Unique name used for indexing into this table.

Authentication list policy 1. Configures the first authentication policy to use when this list is specified. - local -> authentication is done through local user database - radius -> authentication is done through a RADIUS server - ias -> authentication is done through a (i)ntegrated (a)uthentication (s)erver - cam -> authentication is done through a CAM server (via LDAP) - ldap -> authentication is done through a AD server (via LDAP) - reject -> authentication is rejected/not allowed. Note: If a policy is set to 'reject' further policies are ignored.

Authentication list policy 2. Configures the first authentication policy to use when this list is specified. - local -> authentication is done through local user database - radius -> authentication is done through a RADIUS server - ias -> authentication is done through a (i)ntegrated (a)uthentication (s)erver - cam -> authentication is done through a CAM server (via LDAP) - ldap -> authentication is done through a AD server (via LDAP) - reject -> authentication is rejected/not allowed Note: If a policy is set to 'reject' further policies are ignored.

Authentication list policy 3. Configures the first authentication policy to use when this list is specified. - local -> authentication is done through local user database - radius -> authentication is done through a RADIUS server - ias -> authentication is done through a (i)ntegrated (a)uthentication (s)erver - cam -> authentication is done through a CAM server (via LDAP) - ldap -> authentication is done through a AD server (via LDAP) - reject -> authentication is rejected/not allowed Note: If a policy is set to 'reject' further policies are ignored.

Authentication list policy 4. Configures the first authentication policy to use when this list is specified. - local -> authentication is done through local user database - radius -> authentication is done through a RADIUS server - ias -> authentication is done through a (i)ntegrated (a)uthentication (s)erver - cam -> authentication is done through a CAM server (via LDAP) - ldap -> authentication is done through a AD server (via LDAP) - reject -> authentication is rejected/not allowed Note: If a policy is set to 'reject' further policies are ignored.

Authentication list policy 5. Configures the first authentication policy to use when this list is specified. - local -> authentication is done through local user database - radius -> authentication is done through a RADIUS server - ias -> authentication is done through a (i)ntegrated (a)uthentication (s)erver - cam -> authentication is done through a CAM server (via LDAP) - ldap -> authentication is done through a AD server (via LDAP) - reject -> authentication is rejected/not allowed Note: If a policy is set to 'reject' further policies are ignored.

The status of the authentication list. active(1) - This entry is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this authentication list.

(I)ntegrated (A)uthentication (S)erver.

The hm2UserIasEntry.

The (I)ntegrated (A)uthentication (S)erver user name.

The (I)ntegrated (A)uthentication (S)erver user password. This object will always return '********' when read. The user password can be set while the row is active.

The status of the IAS users. active(1) - This entry is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this IAS entry.

Indicates that the chosen entry name uses not allowed character(s). Allowed are alphanumerical characters and name size from 1 to 32.

Indicates that the chosen password is incorrect. Check character set, length, policy matching (if password policy checker is enabled).

Indicates that the chosen user entry can not be activated. Be sure that a user password has been successfully set before.

Indicates that the chosen user entry can not be deactivated. Be sure that this user is not the last active admin on the device.

Indicates that the chosen entry can not be added or deleted. Notice that application lists can neither be added nor deleted.

Indicates that the chosen entry can not be deactivated. Be sure that this list is not referenced to an authentication list (hm2UserApplicationListAuthListName has to be set to a zero length string).

Indicates that the chosen policy of this entry can not be set twice. Be sure that a policy is set only once per authentication list (exception: the policy 'reject' can be set several times).

Indicates that the chosen entry can not be deactivated. Be sure that this list is not referenced by an apllication list (hm2UserApplicationListAuthListName is not set to this authentication list name).