IPS-AUTH-MIB DEFINITIONS ::= BEGIN

IMPORTS
	MODULE-IDENTITY,
	OBJECT-TYPE,
	OBJECT-IDENTITY,
	Unsigned32,
	mib-2
		FROM SNMPv2-SMI
	TEXTUAL-CONVENTION,
	RowStatus,
	AutonomousType,
	StorageType
		FROM SNMPv2-TC
	MODULE-COMPLIANCE,
	OBJECT-GROUP
		FROM SNMPv2-CONF
	SnmpAdminString
		FROM SNMP-FRAMEWORK-MIB		-- RFC 3411
	AddressFamilyNumbers
		FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB;

-- Security note: this module models authorization data for IP storage
-- (instances, user identities, identity names, permitted address ranges
-- and CHAP/SRP/Kerberos credentials).  The non-index columns in its
-- tables are read-write or read-create, so SNMP write access to the
-- { mib-2 141 } subtree can alter that data.  Deploy with SNMPv3
-- authentication and privacy, and use VACM views to limit who can read
-- or write this subtree.
ipsAuthMibModule MODULE-IDENTITY
	LAST-UPDATED "200605220000Z"	-- May 22, 2006 12:00:00 AM
	ORGANIZATION "IETF IPS Working Group"
	CONTACT-INFO
		"
		Mark Bakke
		Postal: Cisco Systems, Inc
		7900 International Drive, Suite 400
		Bloomington, MN
		USA 55425

		E-mail: mbakke@cisco.com

		James Muchow
		Postal: Qlogic Corp.
		6321 Bury Dr.
		Eden Prairie, MN
		USA 55346

		E-Mail: james.muchow@qlogic.com"
	DESCRIPTION
		"The IP Storage Authorization MIB module.
		Copyright (C) The Internet Society (2006).  This version of
		this MIB module is part of RFC 4545;  see the RFC itself for
		full legal notices."
	REVISION "200605220000Z"	-- May 22, 2006 12:00:00 AM
	DESCRIPTION
		"Initial version of the IP Storage Authentication MIB module,
		published as RFC 4545"
	-- 1.3.6.1.2.1.141
	::= { mib-2 141 }


ipsAuthNotifications OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.0
	::= { ipsAuthMibModule 0 }

ipsAuthObjects OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1
	::= { ipsAuthMibModule 1 }

ipsAuthConformance OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.2
	::= { ipsAuthMibModule 2 }

-- Textual Conventions

IpsAuthAddress ::= TEXTUAL-CONVENTION
	STATUS  current
	DESCRIPTION
		"IP Storage requires the use of address information
		that uses not only the InetAddress type defined in the
		INET-ADDRESS-MIB, but also Fibre Channel type defined
		in the Fibre Channel Management MIB.  Although these
		address types are recognized in the IANA Address Family
		Numbers MIB, the addressing mechanisms have not been
		merged into a well-known, common type.  This data type,
		the IpsAuthAddress, performs the merging for this MIB
		module.

		The formats of objects of this type are determined by
		a corresponding object with syntax AddressFamilyNumbers,
		and thus every object defined using this TC must
		identify the object with syntax AddressFamilyNumbers
		that specifies its type.

		The syntax and semantics of this object depend on the
		identified AddressFamilyNumbers object as follows:

		AddressFamilyNumbers   this object
		====================   ===========
		ipV4(1)                restricted to the same syntax and
		                       semantics as the InetAddressIPv4 TC.

		ipV6(2)                restricted to the same syntax and
		                       semantics as the InetAddressIPv6 TC.

		fibreChannelWWPN (22)
		& fibreChannelWWNN(23) restricted to the same syntax and
		                       semantics as the FcNameIdOrZero TC.

		Types other than the above should not be used unless
		the corresponding format of the IpsAuthAddress object is
		further specified (e.g., in a future revision of this TC)."
	REFERENCE
		"IANA-ADDRESS-FAMILY-NUMBERS-MIB;
		INET-ADDRESS-MIB (RFC 4001);
		FC-MGMT-MIB (RFC 4044)."
	SYNTAX OCTET STRING (SIZE (0..255))


--******************************************************************

ipsAuthDescriptors OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.1
	::= { ipsAuthObjects 1 }

ipsAuthMethodTypes OBJECT-IDENTITY
	STATUS  current
	DESCRIPTION
		"Registration point for Authentication Method Types."
	REFERENCE
		"RFC 3720, iSCSI Protocol Specification."
	-- 1.3.6.1.2.1.141.1.1.1
	::= { ipsAuthDescriptors 1 }

-- NOTE(review): a credential row may carry this value in
-- ipsAuthCredAuthMethod, in which case no method-specific row exists.
-- How an agent treats an identity whose credential is "none" is not
-- stated in this definition; confirm it does not bypass authentication
-- unintentionally.
ipsAuthMethodNone OBJECT-IDENTITY
	STATUS  current
	DESCRIPTION
		"The authoritative identifier when no authentication
		method is used."
	REFERENCE
		"RFC 3720, iSCSI Protocol Specification."
	-- 1.3.6.1.2.1.141.1.1.1.1
	::= { ipsAuthMethodTypes 1 }

ipsAuthMethodSrp OBJECT-IDENTITY
	STATUS  current
	DESCRIPTION
		"The authoritative identifier when the authentication
		method is SRP."
	REFERENCE
		"RFC 3720, iSCSI Protocol Specification."
	-- 1.3.6.1.2.1.141.1.1.1.2
	::= { ipsAuthMethodTypes 2 }

ipsAuthMethodChap OBJECT-IDENTITY
	STATUS  current
	DESCRIPTION
		"The authoritative identifier when the authentication
		method is CHAP."
	REFERENCE
		"RFC 3720, iSCSI Protocol Specification."
	-- 1.3.6.1.2.1.141.1.1.1.3
	::= { ipsAuthMethodTypes 3 }

ipsAuthMethodKerberos OBJECT-IDENTITY
	STATUS  current
	DESCRIPTION
		"The authoritative identifier when the authentication
		method is Kerberos."
	REFERENCE
		"RFC 3720, iSCSI Protocol Specification."
	-- 1.3.6.1.2.1.141.1.1.1.4
	::= { ipsAuthMethodTypes 4 }

--******************************************************************

ipsAuthInstance OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.2
	::= { ipsAuthObjects 2 }

-- Instance Attributes Table

ipsAuthInstanceAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthInstanceAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of Authorization instances present on the system."
	-- 1.3.6.1.2.1.141.1.2.2
	::= { ipsAuthInstance 2 }


ipsAuthInstanceAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthInstanceAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		applicable to a particular Authorization instance."
	INDEX {
		ipsAuthInstIndex }
	-- 1.3.6.1.2.1.141.1.2.2.1
	::= { ipsAuthInstanceAttributesTable 1 }


IpsAuthInstanceAttributesEntry ::= SEQUENCE {

	ipsAuthInstIndex       Unsigned32,
	ipsAuthInstDescr       SnmpAdminString,
	ipsAuthInstStorageType StorageType }


ipsAuthInstIndex OBJECT-TYPE
	SYNTAX  Unsigned32 (1..4294967295)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An arbitrary integer used to uniquely identify a
		particular authorization instance.  This index value
		must not be modified or reused by an agent unless
		a reboot has occurred.  An agent should attempt to
		keep this value persistent across reboots."
	-- 1.3.6.1.2.1.141.1.2.2.1.1
	::= { ipsAuthInstanceAttributesEntry 1 }


ipsAuthInstDescr OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"A character string, determined by the implementation to
		describe the authorization instance.  When only a single
		instance is present, this object may be set to the
		zero-length string; with multiple authorization
		instances, it must be set to a unique value in an
		implementation-dependent manner to describe the purpose
		of the respective instance.  If this is deployed in a
		master agent with more than one subagent implementing
		this MIB module, the master agent is responsible for
		ensuring that this object is unique across all
		subagents."
	-- 1.3.6.1.2.1.141.1.2.2.1.2
	::= { ipsAuthInstanceAttributesEntry 2 }


ipsAuthInstStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The storage type for all read-write objects within this
		row.  Rows in this table are always created via an
		external process, and may have a storage type of readOnly
		or permanent.  Conceptual rows having the value 'permanent'
		need not allow write access to any columnar objects in
		the row.

		If this object has the value 'volatile', modifications
		to read-write objects in this row are not persistent
		across reboots.  If this object has the value
		'nonVolatile', modifications to objects in this row
		are persistent.

		An implementation may choose to allow this object
		to be set to either 'nonVolatile' or 'volatile',
		allowing the management application to choose this
		behavior."
	DEFVAL { volatile }
	-- 1.3.6.1.2.1.141.1.2.2.1.3
	::= { ipsAuthInstanceAttributesEntry 3 }


ipsAuthIdentity OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.3
	::= { ipsAuthObjects 3 }

-- User Identity Attributes Table

ipsAuthIdentAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthIdentAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of user identities, each belonging to a
		particular ipsAuthInstance."
	-- 1.3.6.1.2.1.141.1.3.1
	::= { ipsAuthIdentity 1 }


ipsAuthIdentAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthIdentAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		describing a user identity within an authorization
		instance on this node."
	INDEX {
		ipsAuthInstIndex,
		ipsAuthIdentIndex }
	-- 1.3.6.1.2.1.141.1.3.1.1
	::= { ipsAuthIdentAttributesTable 1 }


IpsAuthIdentAttributesEntry ::= SEQUENCE {

	ipsAuthIdentIndex       Unsigned32,
	ipsAuthIdentDescription SnmpAdminString,
	ipsAuthIdentRowStatus   RowStatus,
	ipsAuthIdentStorageType StorageType }


ipsAuthIdentIndex OBJECT-TYPE
	SYNTAX  Unsigned32 (1..4294967295)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An arbitrary integer used to uniquely identify a
		particular identity instance within an authorization
		instance present on the node.  This index value
		must not be modified or reused by an agent unless
		a reboot has occurred.  An agent should attempt to
		keep this value persistent across reboots."
	-- 1.3.6.1.2.1.141.1.3.1.1.1
	::= { ipsAuthIdentAttributesEntry 1 }


ipsAuthIdentDescription OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"A character string describing this particular identity."
	-- 1.3.6.1.2.1.141.1.3.1.1.2
	::= { ipsAuthIdentAttributesEntry 2 }


-- read-create RowStatus: a manager with write access can add and
-- delete user identities over SNMP.  Limit write access to this column
-- with VACM and log SET operations on it.
ipsAuthIdentRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This field allows entries to be dynamically added and
		removed from this table via SNMP.  When adding a row to
		this table, all non-Index/RowStatus objects must be set.
		Rows may be discarded using RowStatus.  The value of
		ipsAuthIdentDescription may be set while
		ipsAuthIdentRowStatus is 'active'."
	-- 1.3.6.1.2.1.141.1.3.1.1.3
	::= { ipsAuthIdentAttributesEntry 3 }


ipsAuthIdentStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The storage type for all read-create objects in this row.
		Rows in this table that were created through an external
		process may have a storage type of readOnly or permanent.
		Conceptual rows having the value 'permanent' need not
		allow write access to any columnar objects in the row."
	DEFVAL { nonVolatile }
	-- 1.3.6.1.2.1.141.1.3.1.1.4
	::= { ipsAuthIdentAttributesEntry 4 }


ipsAuthIdentityName OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.4
	::= { ipsAuthObjects 4 }

-- User Initiator Name Attributes Table

ipsAuthIdentNameAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthIdentNameAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of unique names that can be used to positively
		identify a particular user identity."
	-- 1.3.6.1.2.1.141.1.4.1
	::= { ipsAuthIdentityName 1 }


ipsAuthIdentNameAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthIdentNameAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		applicable to a unique identity name, which can be used
		to identify a user identity within a particular
		authorization instance."
	INDEX {
		ipsAuthInstIndex,
		ipsAuthIdentIndex,
		ipsAuthIdentNameIndex }
	-- 1.3.6.1.2.1.141.1.4.1.1
	::= { ipsAuthIdentNameAttributesTable 1 }


IpsAuthIdentNameAttributesEntry ::= SEQUENCE {

	ipsAuthIdentNameIndex       Unsigned32,
	ipsAuthIdentName            SnmpAdminString,
	ipsAuthIdentNameRowStatus   RowStatus,
	ipsAuthIdentNameStorageType StorageType }


ipsAuthIdentNameIndex OBJECT-TYPE
	SYNTAX  Unsigned32 (1..4294967295)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An arbitrary integer used to uniquely identify a
		particular identity name instance within an
		ipsAuthIdentity within an authorization instance.
		This index value must not be modified or reused by
		an agent unless a reboot has occurred.  An agent
		should attempt to keep this value persistent across
		reboots."
	-- 1.3.6.1.2.1.141.1.4.1.1.1
	::= { ipsAuthIdentNameAttributesEntry 1 }


-- NOTE(review): the comparison rules for this name (case folding,
-- Unicode normalization) are not given here.  SnmpAdminString is UTF-8,
-- so an agent that matches names byte-for-byte and a peer that
-- normalizes them can disagree on identity; confirm against the
-- storage protocol's naming rules.
ipsAuthIdentName OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"A character string that is the unique name of an
		identity that may be used to identify this ipsAuthIdent
		entry."
	-- 1.3.6.1.2.1.141.1.4.1.1.2
	::= { ipsAuthIdentNameAttributesEntry 2 }


ipsAuthIdentNameRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This field allows entries to be dynamically added and
		removed from this table via SNMP.  When adding a row to
		this table, all non-Index/RowStatus objects must be set.
		Rows may be discarded using RowStatus.  The value of
		ipsAuthIdentName may be set when this value is 'active'."
	-- 1.3.6.1.2.1.141.1.4.1.1.3
	::= { ipsAuthIdentNameAttributesEntry 3 }


ipsAuthIdentNameStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The storage type for all read-create objects in this row.
		Rows in this table that were created through an external
		process may have a storage type of readOnly or permanent.
		Conceptual rows having the value 'permanent' need not
		allow write access to any columnar objects in the row."
	DEFVAL { nonVolatile }
	-- 1.3.6.1.2.1.141.1.4.1.1.4
	::= { ipsAuthIdentNameAttributesEntry 4 }


ipsAuthIdentityAddress OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.5
	::= { ipsAuthObjects 5 }

-- User Initiator Address Attributes Table

-- NOTE(review): the DESCRIPTION mentions an optional netmask, but the
-- row type IpsAuthIdentAddrAttributesEntry defines only the address
-- type and the start and end addresses; there is no netmask column.
-- Ranges are therefore expressed by Start and End alone.
ipsAuthIdentAddrAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthIdentAddrAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of address ranges that are allowed to serve
		as the endpoint addresses of a particular identity.
		An address range includes a starting and ending address
		and an optional netmask, and an address type indicator,
		which can specify whether the address is IPv4, IPv6,
		FC-WWPN, or FC-WWNN."
	-- 1.3.6.1.2.1.141.1.5.1
	::= { ipsAuthIdentityAddress 1 }


ipsAuthIdentAddrAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthIdentAddrAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		applicable to an address range that is used as part
		of the authorization of an identity
		within an authorization instance on this node."
	INDEX {
		ipsAuthInstIndex,
		ipsAuthIdentIndex,
		ipsAuthIdentAddrIndex }
	-- 1.3.6.1.2.1.141.1.5.1.1
	::= { ipsAuthIdentAddrAttributesTable 1 }


IpsAuthIdentAddrAttributesEntry ::= SEQUENCE {

	ipsAuthIdentAddrIndex       Unsigned32,
	ipsAuthIdentAddrType        AddressFamilyNumbers,
	ipsAuthIdentAddrStart       IpsAuthAddress,
	ipsAuthIdentAddrEnd         IpsAuthAddress,
	ipsAuthIdentAddrRowStatus   RowStatus,
	ipsAuthIdentAddrStorageType StorageType }


ipsAuthIdentAddrIndex OBJECT-TYPE
	SYNTAX  Unsigned32 (1..4294967295)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An arbitrary integer used to uniquely identify a
		particular ipsAuthIdentAddress instance within an
		ipsAuthIdentity within an authorization instance
		present on the node.
		This index value must not be modified or reused by
		an agent unless a reboot has occurred.  An agent
		should attempt to keep this value persistent across
		reboots."
	-- 1.3.6.1.2.1.141.1.5.1.1.1
	::= { ipsAuthIdentAddrAttributesEntry 1 }


ipsAuthIdentAddrType OBJECT-TYPE
	SYNTAX  AddressFamilyNumbers
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The address types used in the ipsAuthIdentAddrStart
		and ipsAuthIdentAddrEnd objects.  This type is taken
		from the IANA address family types."
	-- 1.3.6.1.2.1.141.1.5.1.1.2
	::= { ipsAuthIdentAddrAttributesEntry 2 }


-- The IpsAuthAddress syntax allows 0..255 octets for every address
-- family.  An agent should reject a SET whose length does not fit
-- ipsAuthIdentAddrType (4 octets for ipV4, 16 for ipV6, the
-- FcNameIdOrZero sizes for the Fibre Channel names), and should check
-- that this value does not exceed ipsAuthIdentAddrEnd, so that a
-- malformed row cannot be read as a wider range than intended.
ipsAuthIdentAddrStart OBJECT-TYPE
	SYNTAX  IpsAuthAddress
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The starting address of the allowed address range.
		The format of this object is determined by
		ipsAuthIdentAddrType."
	-- 1.3.6.1.2.1.141.1.5.1.1.3
	::= { ipsAuthIdentAddrAttributesEntry 3 }


ipsAuthIdentAddrEnd OBJECT-TYPE
	SYNTAX  IpsAuthAddress
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The ending address of the allowed address range.
		If the ipsAuthIdentAddrAttributesEntry specifies a single
		address, this shall match the ipsAuthIdentAddrStart.
		The format of this object is determined by
		ipsAuthIdentAddrType."
	-- 1.3.6.1.2.1.141.1.5.1.1.4
	::= { ipsAuthIdentAddrAttributesEntry 4 }


-- Start and End may be changed while the row is active.  If a manager
-- changes them in separate SET requests, the active row briefly holds
-- a range that is neither the old nor the new one.  Putting both
-- varbinds in a single SET request avoids that window, because the
-- assignments of one SET are applied as if simultaneously.
ipsAuthIdentAddrRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This field allows entries to be dynamically added and
		removed from this table via SNMP.  When adding a row to
		this table, all non-Index/RowStatus objects must be set.
		Rows may be discarded using RowStatus.  The values of
		ipsAuthIdentAddrStart and ipsAuthIdentAddrEnd may be set
		when this value is 'active'.  The value of
		ipsAuthIdentAddrType may not be set when this value is
		'active'."
	-- 1.3.6.1.2.1.141.1.5.1.1.5
	::= { ipsAuthIdentAddrAttributesEntry 5 }


ipsAuthIdentAddrStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The storage type for all read-create objects in this row.
		Rows in this table that were created through an external
		process may have a storage type of readOnly or permanent.
		Conceptual rows having the value 'permanent' need not
		allow write access to any columnar objects in the row."
	DEFVAL { nonVolatile }
	-- 1.3.6.1.2.1.141.1.5.1.1.6
	::= { ipsAuthIdentAddrAttributesEntry 6 }


ipsAuthCredential OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.6
	::= { ipsAuthObjects 6 }

-- Credential Attributes Table

ipsAuthCredentialAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthCredentialAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of credentials related to user identities
		that are allowed as valid authenticators of the
		particular identity."
	-- 1.3.6.1.2.1.141.1.6.1
	::= { ipsAuthCredential 1 }


ipsAuthCredentialAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthCredentialAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		applicable to a credential that verifies a user
		identity within an authorization instance.

		To provide complete information in this MIB for a credential,
		the management station must not only create the row in this
		table but must also create a row in another table, where the
		other table is determined by the value of
		ipsAuthCredAuthMethod, e.g., if ipsAuthCredAuthMethod has the
		value ipsAuthMethodChap, a row must be created in the
		ipsAuthCredChapAttributesTable."
	INDEX {
		ipsAuthInstIndex,
		ipsAuthIdentIndex,
		ipsAuthCredIndex }
	-- 1.3.6.1.2.1.141.1.6.1.1
	::= { ipsAuthCredentialAttributesTable 1 }


IpsAuthCredentialAttributesEntry ::= SEQUENCE {

	ipsAuthCredIndex       Unsigned32,
	ipsAuthCredAuthMethod  AutonomousType,
	ipsAuthCredRowStatus   RowStatus,
	ipsAuthCredStorageType StorageType }


ipsAuthCredIndex OBJECT-TYPE
	SYNTAX  Unsigned32 (1..4294967295)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An arbitrary integer used to uniquely identify a
		particular Credential instance within an instance
		present on the node.
		This index value must not be modified or reused by
		an agent unless a reboot has occurred.  An agent
		should attempt to keep this value persistent across
		reboots."
	-- 1.3.6.1.2.1.141.1.6.1.1.1
	::= { ipsAuthCredentialAttributesEntry 1 }


ipsAuthCredAuthMethod OBJECT-TYPE
	SYNTAX  AutonomousType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This object contains an OBJECT IDENTIFIER
		that identifies the authentication method
		used with this credential.

		When a row is created in this table, a corresponding
		row must be created by the management station
		in a corresponding table specified by this value.

		When a row is deleted from this table, the corresponding
		row must be automatically deleted by the agent in
		the corresponding table specified by this value.

		If the value of this object is ipsAuthMethodNone, no
		corresponding rows are created or deleted from other
		tables.

		Some standardized values for this object are defined
		within the ipsAuthMethodTypes subtree."
	-- 1.3.6.1.2.1.141.1.6.1.1.2
	::= { ipsAuthCredentialAttributesEntry 2 }


-- NOTE(review): a row here with a method other than ipsAuthMethodNone
-- is incomplete until the manager also creates the method-specific row
-- (see ipsAuthCredentialAttributesEntry).  What an agent does with an
-- active but incomplete credential is not defined here; presumably it
-- should not be accepted as an authenticator.  Confirm per agent.
ipsAuthCredRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This field allows entries to be dynamically added and
		removed from this table via SNMP.  When adding a row to
		this table, all non-Index/RowStatus objects must be set.
		Rows may be discarded using RowStatus.  The value of
		ipsAuthCredAuthMethod must not be changed while this row
		is 'active'."
	-- 1.3.6.1.2.1.141.1.6.1.1.3
	::= { ipsAuthCredentialAttributesEntry 3 }


ipsAuthCredStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The storage type for all read-create objects in this row.
		Rows in this table that were created through an external
		process may have a storage type of readOnly or permanent.
		Conceptual rows having the value 'permanent' need not
		allow write access to any columnar objects in the row."
	DEFVAL { nonVolatile }
	-- 1.3.6.1.2.1.141.1.6.1.1.4
	::= { ipsAuthCredentialAttributesEntry 4 }


ipsAuthCredChap OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.7
	::= { ipsAuthObjects 7 }

-- Credential Chap-Specific Attributes Table

ipsAuthCredChapAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthCredChapAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of CHAP attributes for credentials that
		use ipsAuthMethodChap as their ipsAuthCredAuthMethod.

		A row in this table can only exist when an instance of
		the ipsAuthCredAuthMethod object exists (or is created
		simultaneously) having the same instance identifiers
		and a value of 'ipsAuthMethodChap'."
	-- 1.3.6.1.2.1.141.1.7.1
	::= { ipsAuthCredChap 1 }


-- NOTE(review): the DESCRIPTION below compares ipsAuthCredAuthMethod
-- with ipsAuthCredChap, which is the OID of this table's subtree
-- ({ ipsAuthObjects 7 }).  The method identifier defined for CHAP is
-- ipsAuthMethodChap ({ ipsAuthMethodTypes 3 }), and the table
-- DESCRIPTION uses that name.  Managers should presumably set
-- ipsAuthMethodChap.  The SRP and Kerberos entry descriptions follow
-- the same pattern.
ipsAuthCredChapAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthCredChapAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		applicable to a credential that uses
		ipsAuthMethodChap as their ipsAuthCredAuthMethod.

		When a row is created in ipsAuthCredentialAttributesTable
		with ipsAuthCredAuthMethod = ipsAuthCredChap, the
		management station must create a corresponding row
		in this table.

		When a row is deleted from ipsAuthCredentialAttributesTable
		with ipsAuthCredAuthMethod = ipsAuthCredChap, the
		agent must delete the corresponding row (if any) in
		this table."
	INDEX {
		ipsAuthInstIndex,
		ipsAuthIdentIndex,
		ipsAuthCredIndex }
	-- 1.3.6.1.2.1.141.1.7.1.1
	::= { ipsAuthCredChapAttributesTable 1 }


IpsAuthCredChapAttributesEntry ::= SEQUENCE {

	ipsAuthCredChapUserName    SnmpAdminString,
	ipsAuthCredChapRowStatus   RowStatus,
	ipsAuthCredChapStorageType StorageType }


-- Only the CHAP user name is modelled: IpsAuthCredChapAttributesEntry
-- has no column for the CHAP secret, so the secret is not readable or
-- writable through this table.  The user name is still account
-- information; restrict read access to it.
ipsAuthCredChapUserName OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"A character string containing the CHAP user name for this
		credential."
	REFERENCE
		"W. Simpson, RFC 1994: PPP Challenge Handshake
		Authentication Protocol (CHAP), August 1996"
	-- 1.3.6.1.2.1.141.1.7.1.1.1
	::= { ipsAuthCredChapAttributesEntry 1 }


ipsAuthCredChapRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This field allows entries to be dynamically added and
		removed from this table via SNMP.  When adding a row to
		this table, all non-Index/RowStatus objects must be set.
		Rows may be discarded using RowStatus.  The value of
		ipsAuthCredChapUserName may be changed while this row
		is 'active'."
	-- 1.3.6.1.2.1.141.1.7.1.1.2
	::= { ipsAuthCredChapAttributesEntry 2 }


ipsAuthCredChapStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The storage type for all read-create objects in this row.
		Rows in this table that were created through an external
		process may have a storage type of readOnly or permanent.
		Conceptual rows having the value 'permanent' need not
		allow write access to any columnar objects in the row."
	DEFVAL { nonVolatile }
	-- 1.3.6.1.2.1.141.1.7.1.1.3
	::= { ipsAuthCredChapAttributesEntry 3 }


ipsAuthCredSrp OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.8
	::= { ipsAuthObjects 8 }

-- Credential Srp-Specific Attributes Table

ipsAuthCredSrpAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthCredSrpAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of SRP attributes for credentials that
		use ipsAuthMethodSrp as their ipsAuthCredAuthMethod.

		A row in this table can only exist when an instance of
		the ipsAuthCredAuthMethod object exists (or is created
		simultaneously) having the same instance identifiers
		and a value of 'ipsAuthMethodSrp'."
	-- 1.3.6.1.2.1.141.1.8.1
	::= { ipsAuthCredSrp 1 }


ipsAuthCredSrpAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthCredSrpAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		applicable to a credential that uses
		ipsAuthMethodSrp as its ipsAuthCredAuthMethod.

		When a row is created in ipsAuthCredentialAttributesTable
		with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
		management station must create a corresponding row
		in this table.

		When a row is deleted from ipsAuthCredentialAttributesTable
		with ipsAuthCredAuthMethod = ipsAuthCredSrp, the
		agent must delete the corresponding row (if any) in
		this table."
	INDEX {
		ipsAuthInstIndex,
		ipsAuthIdentIndex,
		ipsAuthCredIndex }
	-- 1.3.6.1.2.1.141.1.8.1.1
	::= { ipsAuthCredSrpAttributesTable 1 }


IpsAuthCredSrpAttributesEntry ::= SEQUENCE {

	ipsAuthCredSrpUserName    SnmpAdminString,
	ipsAuthCredSrpRowStatus   RowStatus,
	ipsAuthCredSrpStorageType StorageType }


ipsAuthCredSrpUserName OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"A character string containing the SRP user name for this
		credential."
	REFERENCE
		"T. Wu, RFC 2945: The SRP Authentication and Key
		Exchange System, September 2000"
	-- 1.3.6.1.2.1.141.1.8.1.1.1
	::= { ipsAuthCredSrpAttributesEntry 1 }


ipsAuthCredSrpRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This field allows entries to be dynamically added and
		removed from this table via SNMP.  When adding a row to
		this table, all non-Index/RowStatus objects must be set.
		Rows may be discarded using RowStatus.  The value of
		ipsAuthCredSrpUserName may be changed while the status
		of this row is 'active'."
	-- 1.3.6.1.2.1.141.1.8.1.1.2
	::= { ipsAuthCredSrpAttributesEntry 2 }


ipsAuthCredSrpStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The storage type for all read-create objects in this row.
		Rows in this table that were created through an external
		process may have a storage type of readOnly or permanent.
		Conceptual rows having the value 'permanent' need not
		allow write access to any columnar objects in the row."
	DEFVAL { nonVolatile }
	-- 1.3.6.1.2.1.141.1.8.1.1.3
	::= { ipsAuthCredSrpAttributesEntry 3 }


ipsAuthCredKerberos OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.1.9
	::= { ipsAuthObjects 9 }

-- Credential Kerberos-Specific Attributes Table

ipsAuthCredKerbAttributesTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF IpsAuthCredKerbAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"A list of Kerberos attributes for credentials that
		use ipsAuthMethodKerberos as their ipsAuthCredAuthMethod.

		A row in this table can only exist when an instance of
		the ipsAuthCredAuthMethod object exists (or is created
		simultaneously) having the same instance identifiers
		and a value of 'ipsAuthMethodKerberos'."
	-- 1.3.6.1.2.1.141.1.9.1
	::= { ipsAuthCredKerberos 1 }


-- NOTE(review): the DESCRIPTION below compares ipsAuthCredAuthMethod
-- with ipsAuthCredKerberos, which is the OID of this table's subtree
-- ({ ipsAuthObjects 9 }).  The method identifier defined for Kerberos
-- is ipsAuthMethodKerberos ({ ipsAuthMethodTypes 4 }), and the first
-- paragraph of the DESCRIPTION uses that name.  Managers should
-- presumably set ipsAuthMethodKerberos.
ipsAuthCredKerbAttributesEntry OBJECT-TYPE
	SYNTAX  IpsAuthCredKerbAttributesEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry (row) containing management information
		applicable to a credential that uses
		ipsAuthMethodKerberos as its ipsAuthCredAuthMethod.

		When a row is created in ipsAuthCredentialAttributesTable
		with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
		management station must create a corresponding row
		in this table.

		When a row is deleted from ipsAuthCredentialAttributesTable
		with ipsAuthCredAuthMethod = ipsAuthCredKerberos, the
		agent must delete the corresponding row (if any) in
		this table."
	INDEX {
		ipsAuthInstIndex,
		ipsAuthIdentIndex,
		ipsAuthCredIndex }
	-- 1.3.6.1.2.1.141.1.9.1.1
	::= { ipsAuthCredKerbAttributesTable 1 }


IpsAuthCredKerbAttributesEntry ::= SEQUENCE {

	ipsAuthCredKerbPrincipal   SnmpAdminString,
	ipsAuthCredKerbRowStatus   RowStatus,
	ipsAuthCredKerbStorageType StorageType }


ipsAuthCredKerbPrincipal OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"A character string containing a Kerberos principal
		for this credential."
	REFERENCE
		"C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
		The Kerberos Network Authentication Service (V5),
		July 2005"
	-- 1.3.6.1.2.1.141.1.9.1.1.1
	::= { ipsAuthCredKerbAttributesEntry 1 }


ipsAuthCredKerbRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This field allows entries to be dynamically added and
		removed from this table via SNMP.  When adding a row to
		this table, all non-Index/RowStatus objects must be set.
		Rows may be discarded using RowStatus.  The value of
		ipsAuthCredKerbPrincipal may be changed while this row
		is 'active'."
	-- 1.3.6.1.2.1.141.1.9.1.1.2
	::= { ipsAuthCredKerbAttributesEntry 2 }


ipsAuthCredKerbStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The storage type for all read-create objects in this row.
		Rows in this table that were created through an external
		process may have a storage type of readOnly or permanent.
		Conceptual rows having the value 'permanent' need not
		allow write access to any columnar objects in the row."
	DEFVAL { nonVolatile }
	-- 1.3.6.1.2.1.141.1.9.1.1.3
	::= { ipsAuthCredKerbAttributesEntry 3 }


--******************************************************************
-- Notifications
-- There are no notifications necessary in this MIB module.
--******************************************************************
-- Conformance Statements

ipsAuthCompliances OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.2.1
	::= { ipsAuthConformance 1 }

ipsAuthGroups OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.141.2.2
	::= { ipsAuthConformance 2 }

ipsAuthInstanceAttributesGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthInstDescr,
		ipsAuthInstStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		authorization instances."
	-- 1.3.6.1.2.1.141.2.2.1
	::= { ipsAuthGroups 1 }

ipsAuthIdentAttributesGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthIdentDescription,
		ipsAuthIdentRowStatus,
		ipsAuthIdentStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		user identities within an authorization instance."
	-- 1.3.6.1.2.1.141.2.2.2
	::= { ipsAuthGroups 2 }

ipsAuthIdentNameAttributesGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthIdentName,
		ipsAuthIdentNameRowStatus,
		ipsAuthIdentNameStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		user names within user identities within an authorization
		instance."
	-- 1.3.6.1.2.1.141.2.2.3
	::= { ipsAuthGroups 3 }

-- Conformance group for the address-range objects of an identity:
-- an address type, the start and end of the range, plus row status and
-- storage type.  Conditional in ipsAuthComplianceV1: required only of
-- implementations that use addresses to help verify identities.
ipsAuthIdentAddrAttributesGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthIdentAddrType,
		ipsAuthIdentAddrStart,
		ipsAuthIdentAddrEnd,
		ipsAuthIdentAddrRowStatus,
		ipsAuthIdentAddrStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		address ranges within user identities within an
		authorization instance."
	-- 1.3.6.1.2.1.141.2.2.4
	::= { ipsAuthGroups 4 }

-- Conformance group for the generic credential objects (authentication
-- method, row status, storage type).  Conditional in
-- ipsAuthComplianceV1: required of implementations that use credentials
-- to help verify identities, and stated there as a prerequisite of the
-- CHAP, SRP and Kerberos groups.
ipsAuthIdentCredAttributesGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthCredAuthMethod,
		ipsAuthCredRowStatus,
		ipsAuthCredStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		credentials within user identities within an authorization
		instance."
	-- 1.3.6.1.2.1.141.2.2.5
	::= { ipsAuthGroups 5 }

-- Conformance group for CHAP credentials.  Its members are the CHAP
-- user name, row status and storage type; no CHAP secret object is a
-- member of this group.  Conditional in ipsAuthComplianceV1 (CHAP in
-- use), which also requires ipsAuthIdentCredAttributesGroup alongside.
ipsAuthIdentChapAttrGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthCredChapUserName,
		ipsAuthCredChapRowStatus,
		ipsAuthCredChapStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		CHAP credentials within user identities within an
		authorization instance."
	-- 1.3.6.1.2.1.141.2.2.6
	::= { ipsAuthGroups 6 }

-- Conformance group for SRP credentials.  Its members are the SRP user
-- name, row status and storage type; no SRP verifier or password object
-- is a member of this group.  Conditional in ipsAuthComplianceV1 (SRP
-- in use), which also requires ipsAuthIdentCredAttributesGroup
-- alongside.
ipsAuthIdentSrpAttrGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthCredSrpUserName,
		ipsAuthCredSrpRowStatus,
		ipsAuthCredSrpStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		SRP credentials within user identities within an
		authorization instance."
	-- 1.3.6.1.2.1.141.2.2.7
	::= { ipsAuthGroups 7 }

-- Conformance group for Kerberos credentials.  Its members are the
-- Kerberos principal, row status and storage type; no key material
-- object is a member of this group.  Conditional in ipsAuthComplianceV1
-- (Kerberos in use), which also requires
-- ipsAuthIdentCredAttributesGroup alongside.
ipsAuthIdentKerberosAttrGroup OBJECT-GROUP
	OBJECTS {
		ipsAuthCredKerbPrincipal,
		ipsAuthCredKerbRowStatus,
		ipsAuthCredKerbStorageType }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		Kerberos credentials within user identities within an
		authorization instance."
	-- 1.3.6.1.2.1.141.2.2.8
	::= { ipsAuthGroups 8 }


--******************************************************************

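-- Compliance statement for the module, registered as
-- { ipsAuthCompliances 1 }.
--
-- Structure: two mandatory groups (instance, identity), six conditional
-- GROUP clauses, then one OBJECT clause per refined object.  Every
-- OBJECT clause sets MIN-ACCESS read-only, so an agent can comply
-- without accepting SET on any of the refined objects.  Each RowStatus
-- refinement narrows SYNTAX to active(1), so support for the other
-- RowStatus values (including createAndGo, createAndWait and destroy)
-- is optional as well.
--
-- NOTE(review): these tables describe who is authorized and by which
-- method.  An agent that does implement write access should expose it
-- only through authenticated, access-controlled SNMP (for example
-- SNMPv3 with VACM views); confirm against the deployment policy.
--
-- NOTE(review): the DESCRIPTION below names a 'Certificate' group, but
-- no such group appears among the GROUP clauses or the OBJECT-GROUPs
-- registered under ipsAuthGroups; presumably a leftover, confirm
-- against the published RFC text.
--
-- NOTE(review): the per-row StorageType objects
-- (ipsAuthIdentStorageType, ipsAuthIdentNameStorageType,
-- ipsAuthIdentAddrStorageType, ipsAuthCredStorageType,
-- ipsAuthCredChapStorageType, ipsAuthCredSrpStorageType,
-- ipsAuthCredKerbStorageType) have no OBJECT clause, so the access
-- level from their OBJECT-TYPE definitions applies unrefined; confirm
-- whether a read-only agent is meant to be compliant for them.
ipsAuthComplianceV1 MODULE-COMPLIANCE
	STATUS  current
	DESCRIPTION
		"Initial version of compliance statement based on
		initial version of this MIB module.

		The Instance and Identity groups are mandatory;
		at least one of the other groups (Name, Address,
		Credential, Certificate) is also mandatory for
		any given implementation."

	MODULE	-- no module name given: the clauses refer to this module
	-- Required of every implementation.
	MANDATORY-GROUPS {
			ipsAuthInstanceAttributesGroup,
			ipsAuthIdentAttributesGroup }

	-- Conditional groups: each is required only when the implementation
	-- uses the feature named in its DESCRIPTION.
	GROUP ipsAuthIdentNameAttributesGroup
	  DESCRIPTION
		"This group is mandatory for all implementations
		that make use of unique identity names."
	GROUP ipsAuthIdentAddrAttributesGroup
	  DESCRIPTION
		"This group is mandatory for all implementations
		that use addresses to help verify identities."
	GROUP ipsAuthIdentCredAttributesGroup
	  DESCRIPTION
		"This group is mandatory for all implementations
		that use credentials to help verify identities."
	-- The three method-specific groups below each state a dependency on
	-- ipsAuthIdentCredAttributesGroup.
	GROUP ipsAuthIdentChapAttrGroup
	  DESCRIPTION
		"This group is mandatory for all implementations
		that use CHAP to help verify identities.

		The ipsAuthIdentCredAttributesGroup must be
		implemented if this group is implemented."
	GROUP ipsAuthIdentSrpAttrGroup
	  DESCRIPTION
		"This group is mandatory for all implementations
		that use SRP to help verify identities.

		The ipsAuthIdentCredAttributesGroup must be
		implemented if this group is implemented."
	GROUP ipsAuthIdentKerberosAttrGroup
	  DESCRIPTION
		"This group is mandatory for all implementations
		that use Kerberos to help verify identities.

		The ipsAuthIdentCredAttributesGroup must be
		implemented if this group is implemented."

	-- Access refinements: instance-level objects.
	OBJECT ipsAuthInstDescr
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthInstStorageType
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."

	-- Access refinements: identity objects.
	OBJECT ipsAuthIdentDescription
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthIdentRowStatus
	  SYNTAX INTEGER {
			active(1) }
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required, and only one of the
		six enumerated values for the RowStatus textual
		convention need be supported, specifically:
		active(1)."

	-- Access refinements: identity name objects.
	OBJECT ipsAuthIdentName
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthIdentNameRowStatus
	  SYNTAX INTEGER {
			active(1) }
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required, and only one of the
		six enumerated values for the RowStatus textual
		convention need be supported, specifically:
		active(1)."

	-- Access refinements: identity address-range objects.
	OBJECT ipsAuthIdentAddrType
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthIdentAddrStart
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthIdentAddrEnd
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthIdentAddrRowStatus
	  SYNTAX INTEGER {
			active(1) }
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required, and only one of the
		six enumerated values for the RowStatus textual
		convention need be supported, specifically:
		active(1)."

	-- Access refinements: generic credential objects.
	OBJECT ipsAuthCredAuthMethod
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthCredRowStatus
	  SYNTAX INTEGER {
			active(1) }
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required, and only one of the
		six enumerated values for the RowStatus textual
		convention need be supported, specifically:
		active(1)."

	-- Access refinements: CHAP credential objects.
	OBJECT ipsAuthCredChapUserName
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthCredChapRowStatus
	  SYNTAX INTEGER {
			active(1) }
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required, and only one of the
		six enumerated values for the RowStatus textual
		convention need be supported, specifically:
		active(1)."

	-- Access refinements: SRP credential objects.
	OBJECT ipsAuthCredSrpUserName
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthCredSrpRowStatus
	  SYNTAX INTEGER {
			active(1) }
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required, and only one of the
		six enumerated values for the RowStatus textual
		convention need be supported, specifically:
		active(1)."

	-- Access refinements: Kerberos credential objects.
	OBJECT ipsAuthCredKerbPrincipal
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required."
	OBJECT ipsAuthCredKerbRowStatus
	  SYNTAX INTEGER {
			active(1) }
	  MIN-ACCESS read-only
	  DESCRIPTION
		"Write access is not required, and only one of the six
		enumerated values for the RowStatus textual convention need
		be supported, specifically:  active(1)."
	-- 1.3.6.1.2.1.141.2.1.1
	::= { ipsAuthCompliances 1 }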

END
