The snmpd agent uses a simple authentication scheme to determine which Simple Network Management Protocol (SNMP) manager stations can access its Management Information Base (MIB) variables. This authentication scheme involves the specification of SNMP access policies. An SNMP access policy is an administrative relationship involving an association among an SNMP community, an access mode, and an MIB view.
An SNMP community is a group of one or more hosts and a community name. A community name is a string of octets that an SNMP manager must embed in an SNMP request packet for authentication purposes.
The access mode specifies the access the hosts in the community are allowed with respect to retrieving and modifying the MIB variables from a specific SNMP agent. The access mode must be one of: none, read-only, read-write, or write-only.
A MIB view defines one or more MIB subtrees that a specific SNMP community can access. The MIB view can be the entire MIB tree or a limited subset of the entire MIB tree.
When the SNMP agent receives a request, the agent verifies the community name with the requesting host Internet Protocol (IP) address to determine if the requesting host is a member of the SNMP community identified by the community name. If the requesting host is indeed a member of the SNMP community, the SNMP agent then determines if the requesting host is allowed the specified access for the specified MIB variables as defined in the access policy associated with that community. If all criteria are met, the SNMP agent attempts to honor the request. Otherwise, the SNMP agent generates an authenticationFailure trap or returns the appropriate error message to the requesting host.
The SNMP access policies for the snmpd agent are user-configurable and are specified in the /etc/snmpd.conf file. To configure the SNMP access policies for the snmpd agent, see the /etc/snmpd.conf file.