
System Management Guide: Communications and Networks

SNMPv3 Introduction

Before AIX 5.2, SNMPv1 was the only available version of SNMP for AIX. SNMPv3 is provided in AIX 5.2. SNMPv3 provides a powerful and flexible framework for message security and access control. Message security involves providing the following:

The SNMPv3 architecture introduces the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. The architecture supports the concurrent use of different security, access control, and message processing models. For example, community-based security can be used concurrently with USM, if desired.

USM uses the concept of a user for which security parameters (levels of security, authentication and privacy protocols, and keys) are configured at both the agent and the manager. Messages sent using USM are better protected than messages sent with community-based security, where passwords are sent in the clear and displayed in traces. With USM, messages exchanged between the manager and the agent have data integrity checking and data origin authentication. USM protects against message delays and message replays (beyond what happens normally due to a connectionless transport protocol) by using time indicators and request IDs. Data confidentiality, or encryption, is also available, where permitted, as a separately installable product. The SNMP encrypted version can be found on the AIX Expansion Pack.

The use of VACM involves defining collections of data (called views), groups of users of the data, and access statements that define which views a particular group of users can use for reading, writing, or receipt in a trap.

SNMPv3 also introduces the ability to dynamically configure the SNMP agent using SNMP SET commands against the MIB objects that represent the agent's configuration. This dynamic configuration support enables addition, deletion, and modification of configuration entries either locally or remotely.
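The following added example (not from the AIX documentation or the AIX agent) models the VACM decision described above and shows why the view that covers the agent's own configuration objects matters once the agent can be reconfigured with SET. It is simplified from the general VACM rules (longest matching subtree wins, no subtree masks or contexts), and every user, group, view name and OID choice in it is constructed sample data.

```python
# Added illustration of a VACM access decision. All users, groups, views and
# OID choices below are constructed sample data, not AIX defaults.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

def oid(text):
    """Parse a dotted OID string into a tuple of sub-identifiers."""
    return tuple(int(part) for part in text.strip(".").split("."))

# Views: named collections of MIB subtrees, each marked included or excluded.
VIEWS = {
    "noConfigView": [(oid("1.3.6.1"), True),       # everything under internet
                     (oid("1.3.6.1.6.3"), False)],  # except snmpModules (USM/VACM tables)
    "fullView": [(oid("1.3.6.1"), True)],
}
# Groups of users.
GROUPS = {"monitor": "readers", "netadmin": "admins"}
# Access statements: minimum security level and the view used per action.
ACCESS = [
    {"group": "readers", "min_level": "authNoPriv",
     "read": "noConfigView", "write": None, "notify": "noConfigView"},
    {"group": "admins", "min_level": "authPriv",
     "read": "fullView", "write": "fullView", "notify": "fullView"},
]

def in_view(view_name, target):
    """Longest matching subtree decides; no match means not in the view."""
    best_len, best_included = -1, False
    for subtree, included in VIEWS.get(view_name, []):
        if target[:len(subtree)] == subtree and len(subtree) > best_len:
            best_len, best_included = len(subtree), included
    return best_included

def is_allowed(user, level, action, target_oid):
    """Return True if `user` at `level` may read/write/notify `target_oid`."""
    group = GROUPS.get(user)
    if group is None:
        return False                      # unknown user: default deny
    for entry in ACCESS:
        if entry["group"] != group:
            continue
        if LEVELS[level] < LEVELS[entry["min_level"]]:
            continue                      # message security below the required level
        view = entry[action]
        if view and in_view(view, oid(target_oid)):
            return True
    return False

if __name__ == "__main__":
    print(is_allowed("monitor", "authPriv", "read", "1.3.6.1.6.3.15.1.2.2"))  # USM table row
```

In this model only the `admins` group, and only at `authPriv`, can write to the subtree that holds the agent's security configuration; the `readers` group cannot even read it.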

SNMPv3 access policies and security parameters are specified in the /etc/snmpdv3.conf file on the SNMP agent and in the /etc/clsnmp.conf file on the SNMP manager. For a scenario on how to configure these files, see Create Users in SNMPv3. You can also refer to the /etc/snmpdv3.conf and /etc/clsnmp.conf file formats in AIX 5L Version 5.2 Files Reference.
