Change User for SNMP (CHGUSRSNMP)

The Change User for SNMP (CHGUSRSNMP) command changes an existing Simple Network Management Protocol (SNMP) user entry in the SNMP agent user list. An SNMP agent uses this list of users as part of the SNMPv3 User-based Security Model (USM). The USM is used to protect SNMPv3 packets from Modification of Information (Data Integrity), Masquerading (Data Origin Authentication), Disclosure (Data Confidentiality), and Message Stream Modification (Message Timeliness) threats by utilizing a concept of multiple users where each user provides secret keys for authentication and privacy. Each user entry consists of a user name, an authentication protocol, an authentication password with which the authentication keys will be generated, a privacy protocol, a privacy password with which the privacy keys will be generated, a key type indicating whether the generated keys include the IBM i agent engine ID, and finally the type of storage used for this user entry.

Restrictions:

Parameters

Keyword Description Choices Notes
USRNAME User name Character value Required, Key, Positional 1
AUTPCL Authentication protocol Start of change*SAME, *HMACSHA, *HMACSHA256, *HMACSHA512, *HMACMD5, *NONEEnd of change Optional
AUTPWD Authentication password Character value, *SAME Optional
PVYPCL Privacy protocol *SAME, *CBCDES, *CFBAES, *NONE Optional
PVYPWD Privacy password Character value, *SAME Optional
STGTYPE Storage type *SAME, *NONVOLATILE, *PERMANENT, *READONLY Optional
LOGSET Log set requests *SAME, *SNMPATR, *YES, *NO Optional
LOGGET Log get requests *SAME, *SNMPATR, *YES, *NO Optional

User name (USRNAME)

Specifies the name of the SNMP user being changed in the User-based Security Model (USM). The user name has no direct correlation to an IBM i user profile.

This is a required parameter.

character-value
Specify the name of the SNMP user being changed. A user name must be a minimum of 1 character and no more than 32 characters in length. A user name cannot contain any leading or imbedded blanks.

Authentication protocol (AUTPCL)

Specifies the authentication protocol to be used on authenticated messages on behalf of the specified user.

*SAME
This value does not change.
*HMACSHA
The HMAC-SHA protocol will be used.
*HMACMD5
The HMAC-MD5 protocol will be used.
*NONE
No authentication will be used for this user.

Authentication password (AUTPWD)

Specifies the password used to generate the key to be used in authenticating messages on behalf of this user. This parameter must be specified if the Authentication protocol (AUTPCL) parameter is not *NONE.

*SAME
This value does not change.
character-value
Specify the authentication password to be used in authenticating messages on behalf of this user. A password must be a minimum of 8 characters in length. Up to 255 characters may be specified.

Privacy protocol (PVYPCL)

Specifies the privacy protocol to be used on encrypted messages on behalf of the specified user. This parameter is only valid if the Authentication protocol (AUTPCL) parameter is not *NONE.

*SAME
This value does not change.
*CBCDES
The CBC-DES protocol will be used.
*CFBAES
The CFB128-AES-128 protocol will be used.
*NONE
No privacy protocol will be used.

Privacy password (PVYPWD)

Specifies the password used to generate the key to be used in encrypting messages to and from this user. This parameter must be specified if the Privacy protocol (PVYPCL) parameter is not *NONE.

*SAME
This value does not change.
character-value
Specify the privacy password to be used. A password must be a minimum of 8 characters in length. Up to 255 characters may be specified.

Storage type (STGTYPE)

Specifies the type of storage in which this user definition is maintained. This parameter is an indicator of the level of dynamic configuration available for the user.

*SAME
This value does not change.
*NONVOLATILE
The user definition persists across reboots of the SNMP agent. However, it can be changed or even deleted by dynamic configuration requests.
*PERMANENT
The user definition persists across reboots of the SNMP agent. However, it can be changed but not deleted by dynamic configuration requests.
*READONLY
The user definition persists across reboots of the SNMP agent. It can not be changed or deleted by dynamic configuration requests.

Log set requests (LOGSET)

Specifies whether set requests from SNMP managers are logged in journal QSNMP in library QUSRSYS.

*SAME
This value does not change.
*SNMPATR
The value defined with the Change SNMP Attributes (CHGSNMPA) command is used for this user.
*YES
Set requests are logged.
*NO
Set requests are not logged.

Log get requests (LOGGET)

Specifies whether get, get-bulk, and get-next requests from SNMP managers are logged in journal QSNMP in library QUSRSYS.

*SAME
This value does not change.
*SNMPATR
The value defined with the Change SNMP Attributes (CHGSNMPA) command is used for this user.
*YES
Get, get-bulk, and get-next requests are logged.
*NO
Get, get-bulk, and get-next requests are not logged.

Examples

Start of changeCHGUSRSNMP    USRNAME(USER1)  LOGGET(*YES)End of change

Start of change

This command changes the logging attribute for user USER1 so that get, get-bulk, and get-next requests are logged in journal QSNMP in library QUSRSYS.End of change

Error messages

*ESCAPE Messages

TCP4001
Error occurred accessing SNMP configuration information.
TCP4023
User does not exist.
TCP4028
SNMP user &1 not changed.
TCP8050
*IOSYSCFG authority required to use &1.