SNMPv3 uses the View-based Access Control Model (VACM), which controls access to the MIB.
- RFC 3411 Architecture for SNMP Frameworks http://www.ietf.org/rfc/rfc3411.txt
- RFC 3415 View Access Control Model (VACM) http://www.ietf.org/rfc/rfc3415.txt
Elements introduced by VACM
1) Groups
A group is a set of zero or more <securityModel, securityName> tuples on whose behalf SNMP management objects can be accessed. A group defines the access rights afforded to all securityNames which belong to that group. The combination of a securityModel and a securityName maps to at most one group. A group is identified by a groupName.
A VACM group contains one or more <securityModel, securityName> tuples. A given <securityModel, securityName> tuple belongs to at most one group.
Access control policies are defined on the group.
securityModel is defined as follows:
0 reserved for 'any'
1 reserved for SNMPv1
2 reserved for SNMPv2c
3 User-Based Security Model (USM)
For USM, the securityName is the userName.
2) securityLevel
Different access rights for members of a group can be defined for different levels of security.
Within a group, different access rights can be defined for each securityLevel. The securityLevel values are:
noAuthNoPriv(1), -- no authentication, no encryption
authNoPriv(2), -- authentication, no encryption
authPriv(3) -- authentication and encryption
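To make the group and securityLevel rules above concrete, here is a small Python model of the VACM lookup (an added example with constructed tables, not code from any agent or from RFC 3415). It resolves a <securityModel, securityName> tuple to its group and then picks the access row whose securityLevel is the highest one not exceeding the request's level; contexts and views are left out, and the row preference order (exact securityModel before 'any', then higher securityLevel) follows the simplified reading used here.

```python
# securityModel values as listed on the page
ANY, SNMPV1, SNMPV2C, USM = 0, 1, 2, 3
# securityLevel values as listed on the page
NOAUTH_NOPRIV, AUTH_NOPRIV, AUTH_PRIV = 1, 2, 3

# Constructed vacmSecurityToGroupTable: (securityModel, securityName) -> groupName.
# For USM the securityName is the userName; one tuple maps to at most one group.
SECURITY_TO_GROUP = {
    (USM, "alice"): "admins",
    (USM, "monitor"): "readers",
    (SNMPV2C, "public"): "readers",
}

# Constructed, simplified vacmAccessTable rows:
# (groupName, securityModel, minimum securityLevel, readView, writeView).
# securityModel 0 ('any') matches every model; a row applies when the
# request's securityLevel is at least the row's securityLevel.
ACCESS = [
    ("admins", USM, AUTH_PRIV, "all", "all"),
    ("admins", USM, AUTH_NOPRIV, "all", None),
    ("readers", ANY, NOAUTH_NOPRIV, "system", None),
]


def lookup_group(security_model, security_name):
    """Return the groupName for the tuple, or None (noSuchGroup)."""
    return SECURITY_TO_GROUP.get((security_model, security_name))


def select_access(group, security_model, security_level):
    """Pick the applicable row: exact securityModel beats 'any', then the
    highest securityLevel that does not exceed the request's level."""
    candidates = [r for r in ACCESS
                  if r[0] == group
                  and r[1] in (ANY, security_model)
                  and r[2] <= security_level]
    if not candidates:
        return None  # noAccessEntry
    return max(candidates, key=lambda r: (r[1] != ANY, r[2]))


def is_access_allowed(security_model, security_name, security_level, write=False):
    """Return the view name the request may use, or None if access is denied."""
    group = lookup_group(security_model, security_name)
    if group is None:
        return None
    row = select_access(group, security_model, security_level)
    if row is None:
        return None
    return row[4] if write else row[3]
```

Note that the same user gets a different answer purely from the securityLevel of the request: alice can write only with authPriv, reads with authNoPriv, and is refused entirely with noAuthNoPriv.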
3) Contexts
An SN