| Where allowed to run: All environments (*ALL) Threadsafe: Yes |
Parameters Examples Error messages |
The Change User for SNMP (CHGUSRSNMP) command changes an existing Simple Network Management Protocol (SNMP) user entry in the SNMP agent user list. An SNMP agent uses this list of users as part of the SNMPv3 User-based Security Model (USM). The USM is used to protect SNMPv3 packets from Modification of Information (Data Integrity), Masquerading (Data Origin Authentication), Disclosure (Data Confidentiality), and Message Stream Modification (Message Timeliness) threats by utilizing a concept of multiple users where each user provides secret keys for authentication and privacy. Each user entry consists of a user name, an authentication protocol, an authentication password with which the authentication keys will be generated, a privacy protocol, a privacy password with which the privacy keys will be generated, a key type indicating whether the generated keys include the IBM i agent engine ID, and finally the type of storage used for this user entry.
The IBM i SNMP also supports the View-based Access Control Model used to associate groups of users with views. A view is a subset of the objects in the management information base (MIB). The Access Control Subsystem of the SNMP agent has the responsibility for checking whether a specific type of access (read, write, notify) to a particular object (instance) is allowed for this user. Access Control occurs (either implicitly or explicitly) in the IBM i SNMP agent when processing SNMP retrieval or modification request messages from an SNMP manager. Access Control also occurs in the IBM i SNMP agent when an SNMP notification message (trap) is generated. In order to implement the View-based Access Contro Model, the SNMP agent stores information about access rights and policies. This information is part of the SNMP engine's Local Configuration Datastore (LCD). For the IBM i agent, the LCD is stored in SNMPD.CONF file located at /QIBM/UserData/OS/SNMP/ directory.
Restrictions:
| Top |
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| USRNAME | User name | Character value | Required, Key, Positional 1 |
| AUTPCL | Authentication protocol | *SAME, *HMACSHA, *HMACMD5, *NONE | Optional |
| AUTPWD | Authentication password | Character value, *SAME | Optional |
| PVYPCL | Privacy protocol | *SAME, *CBCDES, *NONE | Optional |
| PVYPWD | Privacy password | Character value, *SAME | Optional |
| STGTYPE | Storage type | *SAME, *NONVOLATILE, *PERMANENT, *READONLY | Optional |
| Top |
Specifies the name of the SNMP user being changed in the User-based Security Model (USM). The user name has no direct correlation to an IBM i user profile.
This is a required parameter.
| Top |
Specifies the authentication protocol to be used on authenticated messages on behalf of the specified user.
| Top |
Specifies the password used to generate the key to be used in authenticating messages on behalf of this user. This parameter must be specified if the Authentication protocol (AUTPCL) parameter is not *NONE.
| Top |
Specifies the privacy protocol to be used on encrypted messages on behalf of the specified user. This parameter is only valid if the Authentication protocol (AUTPCL) parameter is not *NONE.
| Top |
Specifies the password used to generate the key to be used in encrypting messages to and from this user. This parameter must be specified if the Privacy protocol (PVYPCL) parameter is not *NONE.
| Top |
Specifies the type of storage in which this user definition is maintained. This parameter is an indicator of the level of dynamic configuration available for the user.
| Top |
CHGUSRSNMP USRNAME(USER1) STGTYPE(*READONLY)
This command changes the storage type for SNMP user USER1 to "read only" storage. This allows the user to persist across reboots of the SNMP agent. The user information can not be changed or deleted by dynamic configuration requests.
| Top |
*ESCAPE Messages
| Top |