idnits 2.17.1 draft-ietf-ident-mib-03.txt
Draft                          Ident MIB                          Jul 92

                               Ident MIB

                         Tue Jul 31 14:50:52 1992

                            Michael St. Johns
                       U.S. Department of Defense
                          stjohns@UMD5.UMD.EDU

                            Marshall T. Rose
                       Dover Beach Consulting, Inc.
                         mrose@dbc.mtview.ca.us

1. Status of this Memo

This document is an Internet Draft. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts.

Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a "working draft" or "work in progress".
Please check the 1id-abstracts.txt listing contained in the internet-drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net, nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au to learn the current status of any Internet Draft.

2. Abstract

This memo defines a MIB for use with identifying the users associated with TCP connections. It provides functionality approximately equivalent to that provided by the protocol defined in RFC 931[1].

3. The Network Management Framework

The Internet-standard Network Management Framework consists of three components. They are:

   RFC 1155[2] which defines the SMI, the mechanisms used for describing and naming objects for the purpose of management. RFC 1212[3] defines a more concise description mechanism, which is wholly consistent with the SMI.

   RFC 1213[4] which defines MIB-II, the core set of managed objects for the Internet suite of protocols.

   RFC 1157[5] which defines the SNMP, the protocol used for network access to managed objects.

The Framework permits new objects to be defined for the purpose of experimentation and evaluation.

Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Within a given MIB module, objects are defined using RFC 1212's OBJECT-TYPE macro. At a minimum, each object has a name, a syntax, an access-level, and an implementation-status.

The name is an object identifier, an administratively assigned name, which specifies an object type. The object type together with an object instance serves to uniquely identify a specific instantiation of the object. For human convenience, we often use a textual string, termed the object descriptor, to also refer to the object type.

The syntax of an object type defines the abstract data structure corresponding to that object type. The ASN.1[6] language is used for this purpose. However, RFC 1155 purposely restricts the ASN.1 constructs which may be used. These restrictions are explicitly made for simplicity.

The access-level of an object type defines whether it makes "protocol sense" to read and/or write the value of an instance of the object type. (This access-level is independent of any administrative authorization policy.)

The implementation-status of an object type indicates whether the object is mandatory, optional, obsolete, or deprecated.

4. Ident MIB

The Ident MIB defines a uniform set of objects useful for identifying users associated with TCP connections. End-systems which support TCP may, at their option, implement this MIB. However, administrators should read Section 6 ("Security Considerations") before enabling these MIB objects.

5. Definitions

   RFC-ident-MIB DEFINITIONS ::= BEGIN

   IMPORTS
           experimental
                   FROM RFC-1155
           OBJECT-TYPE
                   FROM RFC-1212
           tcpConnLocalAddress, tcpConnLocalPort,
           tcpConnRemAddress, tcpConnRemPort
                   FROM RFC1213-MIB;

   ident   OBJECT IDENTIFIER ::= { experimental 33 }

   -- conformance groups

   identInfo       OBJECT IDENTIFIER ::= { ident 1 }

   -- textual conventions

   -- none

   -- the ident information system group
   --
   -- implementation of this group is mandatory

   identTable OBJECT-TYPE
       SYNTAX  SEQUENCE OF IdentEntry
       ACCESS  not-accessible
       STATUS  mandatory
       DESCRIPTION
               "A table containing user information for TCP connections.

               Note that this table contains entries for all TCP connections on a managed system. The corresponding instance of tcpConnState (defined in MIB-II) indicates the state of a particular connection."
       ::= { identInfo 1 }

   identEntry OBJECT-TYPE
       SYNTAX  IdentEntry
       ACCESS  not-accessible
       STATUS  mandatory
       DESCRIPTION
               "User information about a particular TCP connection."
       INDEX   { tcpConnLocalAddress, tcpConnLocalPort,
                 tcpConnRemAddress, tcpConnRemPort }
       ::= { identTable 1 }

   IdentEntry ::=
       SEQUENCE {
           identStatus     INTEGER,
           identOpSys      OBJECT IDENTIFIER,
           identCharset    OBJECT IDENTIFIER,
           identUserid     OCTET STRING,
           identMisc       OCTET STRING
       }

   identStatus OBJECT-TYPE
       SYNTAX  INTEGER {
                   noError(1),
                   unknownError(2)
               }
       ACCESS  read-only
       STATUS  mandatory
       DESCRIPTION
               "Indicates whether user information for the associated TCP connection can be determined. A value of `noError(1)' indicates that user information is available. A value of `unknownError(2)' indicates that user information is not available."
       ::= { identEntry 1 }

   identOpSys OBJECT-TYPE
       SYNTAX  OBJECT IDENTIFIER
       ACCESS  read-only
       STATUS  mandatory
       DESCRIPTION
               "Indicates the type of operating system in use. In addition to identifying an operating system, each assignment made for this purpose also (implicitly) identifies the textual format and maximum size of the corresponding identUserid and identMisc objects.

               The `identSystems' subtree may be used by the IANA for assignments."
       ::= { identEntry 2 }

   identCharset OBJECT-TYPE
       SYNTAX  OBJECT IDENTIFIER
       ACCESS  read-only
       STATUS  mandatory
       DESCRIPTION
               "Indicates the repertoire of the corresponding identUserid and identMisc objects.

               The `identCharsets' subtree may be used by the IANA for assignments."
       ::= { identEntry 3 }

   identUserid OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE (0..255))
       ACCESS  read-only
       STATUS  mandatory
       DESCRIPTION
               "Indicates the user's identity.
               Interpretation of this object requires examination of the corresponding value of the identOpSys and identCharset objects."
       ::= { identEntry 4 }

   identMisc OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE (0..255))
       ACCESS  read-only
       STATUS  mandatory
       DESCRIPTION
               "Indicates miscellaneous information about the user. Interpretation of this object requires examination of the corresponding value of the identOpSys and identCharset objects."
       ::= { identEntry 5 }

   -- operating system assignments, used for identOpSys

   identSystems    OBJECT IDENTIFIER ::= { ident 2 }

   -- when the Assigned Numbers "system name" is UNIX
   identSysUnix    OBJECT IDENTIFIER ::= { identSystems 1 }
   -- when identOpSys has the value identSysUnix:
   --
   -- identUserid corresponds to the UNIX username (pw_name)
   -- of length 1 to 8 octets
   --
   -- the syntax (and length) of identMisc is a local matter

   -- character set assignments, used for identCharset

   identCharsets   OBJECT IDENTIFIER ::= { ident 3 }

   -- the NVT ASCII repertoire
   charsetNvtAscii OBJECT IDENTIFIER ::= { identCharsets 1 }

   END

6. Security Considerations

The information available through this MIB is at most as trustworthy as the host providing it OR the organization operating the host. For example, a PC in an open lab has few if any controls on it to prevent a user from having an SNMP query return any identifier the user wants. Likewise, if the host has been compromised the information returned may be completely erroneous and misleading.

This portion of the MIB space should only be used to gain hints as to who "owns" a particular TCP connection -- information returned should NOT be considered authoritative for at least the reasons described above. At best, this MIB provides some additional auditing information with respect to TCP connections. At worst it can provide misleading, incorrect or maliciously incorrect information.

The use of the information contained in this MIB for other than auditing or normal network management functions is strongly discouraged. Specifically, using information from this MIB space to make access control decisions, either as the primary method (i.e. no other checks) or as an adjunct to other methods, may result in a weakening of normal system security.

This MIB provides access to information about users, entities, objects or processes which some systems might normally consider private. The information accessible through this MIB is a rough analog of the CallerID services provided by some phone companies, and many of the same privacy considerations and arguments that apply to CallerID service apply to this MIB space. If you wouldn't run a "finger" server[7] due to privacy considerations, you might not want to provide access to this MIB space on a general basis. Access to this portion of the MIB tree may be controlled under the normal methods available through SNMP agent implementations.

7. References

[1] M. St. Johns, Authentication Server. Request for Comments 931, (May, 1990).

[2] M.T. Rose and K. McCloghrie, Structure and Identification of Management Information for TCP/IP-based internets. Request for Comments 1155, (May, 1990).

[3] M.T. Rose and K. McCloghrie, Concise MIB Definitions. Request for Comments 1212, (March, 1991).

[4] K. McCloghrie and M.T. Rose, Management Information Base for Network Management of TCP/IP-based internets: MIB-II. Request for Comments 1213, (March, 1991).

[5] J.D. Case, M.S. Fedor, M.L. Schoffstall, and J.R. Davin, Simple Network Management Protocol.
Request for Comments 1157, (May, 1990).

[6] Information processing systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1), International Organization for Standardization. International Standard 8824, (December, 1987).

[7] D.P. Zimmerman, Finger User Information Protocol. Request for Comments 1288, (December, 1991).

Table of Contents

1 Status of this Memo ................................... 1
2 Abstract .............................................. 1
3 The Network Management Framework ...................... 3
4 Ident MIB ............................................. 4
5 Definitions ........................................... 5
5.1 Conformance Groups .................................. 5
5.2 Textual Conventions ................................. 5
5.3 The Ident information Group ......................... 6
5.4 Operating System Assignments ........................ 9
5.4.1 identSysUnix ...................................... 9
5.5 Character Set Assignments ........................... 10
5.5.1 charsetNvtAscii ................................... 10
6 Security Considerations ............................... 11
7 References ............................................ 12
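As an added example (editor's code, not part of the draft), the following Python shows how a manager would address one identEntry column for a TCP connection via the Section 5 INDEX clause, and how it would then check a fetched entry against the formats the draft assigns (identSysUnix, charsetNvtAscii) so that the result is handled only as the audit hint Section 6 allows. The function names and the sample connection values are constructed here; the OIDs follow the draft's `{ experimental 33 }` assignments.

```python
# Editor's example for the Ident MIB draft; helper names and sample values are constructed.
import ipaddress

# Object identifiers from the draft's definitions (ident = { experimental 33 }).
IDENT = "1.3.6.1.3.33"
IDENT_ENTRY = IDENT + ".1.1.1"      # identInfo(1).identTable(1).identEntry(1)
COLUMNS = {"identStatus": 1, "identOpSys": 2, "identCharset": 3,
           "identUserid": 4, "identMisc": 5}
IDENT_SYS_UNIX = IDENT + ".2.1"     # identSystems(2).identSysUnix(1)
CHARSET_NVT_ASCII = IDENT + ".3.1"  # identCharsets(3).charsetNvtAscii(1)

def ident_instance_oid(column, local_addr, local_port, rem_addr, rem_port):
    """Instance OID of one identEntry column for a TCP connection.
    The INDEX reuses the MIB-II tcpConnTable index: under RFC 1212 an
    IpAddress index adds four sub-identifiers, an INTEGER index adds one."""
    for port in (local_port, rem_port):
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    parts = [IDENT_ENTRY, str(COLUMNS[column])]
    parts += [str(b) for b in ipaddress.IPv4Address(local_addr).packed]
    parts.append(str(local_port))
    parts += [str(b) for b in ipaddress.IPv4Address(rem_addr).packed]
    parts.append(str(rem_port))
    return ".".join(parts)

def audit_ident_entry(status, opsys, charset, userid, misc=b""):
    """Interpret a fetched identEntry strictly as an audit hint (Section 6).
    Returns (userid text or None, anomalies); anomalies are values that break
    the format implied by identOpSys/identCharset or the SIZE clauses and
    belong in a log, never in an access-control decision."""
    if status == 2:                 # unknownError(2): no user information
        return None, []
    if status != 1:                 # only noError(1) is otherwise valid
        return None, [f"invalid identStatus {status}"]
    anomalies = []
    if len(userid) > 255 or len(misc) > 255:
        anomalies.append("OCTET STRING SIZE (0..255) exceeded")
    if opsys == IDENT_SYS_UNIX:
        if not 1 <= len(userid) <= 8:   # UNIX pw_name is 1 to 8 octets
            anomalies.append("identUserid length not in 1..8 for identSysUnix")
    else:
        anomalies.append(f"unassigned identOpSys {opsys}")
    if charset == CHARSET_NVT_ASCII:
        if any(b > 0x7F for b in userid + misc):
            anomalies.append("octet outside the NVT ASCII repertoire")
        elif any(b < 0x20 or b == 0x7F for b in userid):
            anomalies.append("control character in identUserid")
    else:
        anomalies.append(f"unassigned identCharset {charset}")
    return userid.decode("ascii", "replace"), anomalies
```

For the constructed connection 10.0.0.5:1023 to 192.0.2.7:25, `ident_instance_oid("identUserid", ...)` yields `1.3.6.1.3.33.1.1.1.4.10.0.0.5.1023.192.0.2.7.25`; an entry claiming a 10-octet UNIX username containing a NUL is returned with two anomalies rather than being rejected silently, so the agent's claim stays visible in the audit trail.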