SNMPD.CONF(5) Domain/OS BSD SNMPD.CONF(5)
NAME
snmpd.conf - configuration file for /etc/snmpd
DESCRIPTION
The /etc/snmpd.conf file specifies community name configuration
information for the Simple Network Management Protocol (SNMP) server,
/etc/snmpd. The SNMP server reads this information during its
initialization process.
An SNMP community defines a set of access rights (generally read only or
read/write) to specified objects in the Management Information Base
(MIB). The community name is a character string that is part of the
datagram packet sent by the management application to the server (snmpd)
in the SNMP agent. The community name identifies to snmpd what community
the packet belongs to and, therefore, what access rights the packet has
to network statistics stored in the MIB. If snmpd receives a packet with
an invalid community name, it discards that packet and does not send a
response.
By default, snmpd responds to incoming ("get") requests that contain any
community name. However, you can restrict access to network statistics
by explicitly specifying one community name in the /etc/snmpd.conf file.
If you specify a community name in /etc/snmpd.conf, then snmpd responds
only to incoming requests containing the community name listed in
/etc/snmpd.conf.
Specify the community name on a single line in the /etc/snmpd.conf file
using the format
get: community_name #comment
where get: is a keyword specifier, community_name is the community name
you want to specify, and the pound sign (#) indicates the beginning of an
optional comment. (Characters following the pound sign up to the end of
the line are not interpreted by the routines that search the file.) For
example, to restrict snmpd to respond only to incoming requests
containing the community name "mary," include a line similar to the
following in the snmpd.conf file. (The comment shown is an example
only.)
get: mary #accept only "mary" as a valid community name
You may specify only one community name in the snmpd.conf file. A
community name may contain any printable character other than a field
delimiter, newline, or comment character (#). (See the Notes section
below for an important security consideration about community names.)
FILES
/etc/snmpd.conf
NOTES
At this time, our SNMP implementation does not support an authentication
scheme. Consequently, snmpd does not attempt to validate whether a packet
actually belongs to the community indicated by its community name.
SEE ALSO
snmpd(8).