Technical Summary
This MIB defines objects for managing user identities and the
names, addresses, and credentials required manage access control, for
use with various protocols. This draft was motivated by the need for
the configuration of authorized user identities for the iSCSI
protocol, but has been extended to be useful for other storage protocols
with similar requirements. It is important to note that this MIB
module provides only the set of identities to be used within access
lists; it is the responsibility of other MIB modules (or applications)
using this to tie them to their own access lists or other authorization
control methods.
Working Group Summary
The working group reached consensus on this document easily.
The group's work on this document completed a long time ago; there
was considerable delay before a MIB doctor review slot could be
obtained.
Protocol Quality
Bert Wijnen became the MIB Doctor for this specification and
provided extensive comments, for which revisions were made.
David Black is the WG Chair shepherd. Allison Mankin is the
Responsible Area Director.
Notes to RFC Editor
Please make the following changes:
(1) Add the following sentence to the end of Section 7.6 as a
separate paragraph (i.e., not as part of the description of "Other"):
An additional credential type can be added to this MIB module by
defining a new OID in the ipsAuthMethodTypes subtree, and defining
a new table specific to that credential-type.
(2) Make the following changes so that RFC 4120 is referenced instead
of RFC 1510.
- Section 7.6
OLD: [RFC1510] NEW: [RFC4120]
- Section 9, DESCRIPTION clause for ipsAuthCredKerbPrincipal
OLD:
J. Kohl, C. Neuman, RFC 1510: The Kerberos Network
Authentication Service (V5), September 1993
NEW:
C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
The Kerberos Network Authentication Service (V5),
July 2005
- Section 11, replace the normative reference to RFC 1510
with a normative reference to RFC 4120.