configuring proxy table, params table for proxy forwarding
Frank Fock
Frank.Fock____t-online.de
Tue May 14 19:37:32 CEST 2002
Hello Ram,
Please find my comments linline:
Ram Krishnaswamy wrote:
> Hello,
>
> I had asked the following question to the SNMPv3 mailing list but it seems
> like it is more of an implementation issue of how proxy forwarder is
> implemented. Please advise.
>
I do not think that it is implementation depended, see below...
>
> We have a number of third party SNMP agents implemented in SNMPv1. We are
> planning to use a agent++ developed agent supporting v3 and make use of the
> proxy forwarder application to reach these SNMP v1 agents. We need v3 for
> authentication and security too. The problem we are facing is how different
> users can be setup so that they can be categorized into groups and given the
> right level of access instead of creating proxy table entries,
> targetParamTable entries & targetAddrTable entries for each user. It is not
> a big problem but we feel there might be a better way that avoids too many
> entries in proxy and params table if we can somehow group users with same
> priviledges to access these proxies. Any ideas?
Other question, why would one define different users with same priviledges?
>
>
> For example, let us say we have one SNMPv1 snmp agent (call it msX) that we
> want to use proxy forwarder for. The relevant table entry for User A to
> access this SNMP agent with read priviledges are given below. This is for
> one user. Do we have to define for each user similar entries in each of
> these tables or can we specify a group of users. In the books we have read
> so far, the TargetParamsSecurityName is defined as "the Principal on whose
> behalf SNMP messages will be generated". Can the "Principal" be a group and
> if so how to define that group that have users who have access to proxy snmp
> agents? The proxy forwarder code tries to match a security name with the one
> in the request.
>
You will have to specify a user (principal) rather than a group, because you
need
to send the PDU on the behalf of a specific user. Which user should be chosen
from a group, if only the group has been specified?
Best regards,
Frank
More information about the AGENTPP
mailing list