configuring proxy table, params table for proxy forwarding

Ram Krishnaswamy RKrishnaswamy____pathfire.com
Tue May 14 21:53:56 CEST 2002 

Hello Frank,

Thanks for your reply.

The reason for creating different users with same priviledges is to give
same level of access. The only difference being their authentication and
privacy passwords. Since the users are going to be in several shifts, the
supervisor, for example, for each shift would be given the same access
level. 

Coming back to our situation, for each user that needs access to one proxy
agent, we need to create one entry each in proxy table, depending on read or
write, and an entry in target params table. So if the user needs access to
more than one proxy agent then we need to create entries in both these
tables, again depending upon read or write. We are fine with this except
that we thought that there might be a better way of grouping them together
so that we don't have to create that many entries.

Ram

-----Original Message-----
From: Frank.Fock____t-online.de [mailto:Frank.Fock____t-online.de]
Sent: Tuesday, May 14, 2002 1:38 PM
To: Ram Krishnaswamy
Cc: 'agentpp-dl____agentpp.com'
Subject: Re: configuring proxy table, params table for proxy forwarding


Hello Ram,

Please find my comments linline:

Ram Krishnaswamy wrote:

> Hello,
>
> I had asked the following question to the SNMPv3 mailing list but it seems
> like it is more of an implementation issue of how proxy forwarder is
> implemented. Please advise.
>

I do not think that it is implementation depended, see below...

>
> We have a number of third party SNMP agents implemented in SNMPv1. We are
> planning to use a agent++ developed agent supporting v3 and make use of
the
> proxy forwarder application to reach these SNMP v1 agents. We need v3 for
> authentication and security too. The problem we are facing is how
different
> users can be setup so that they can be categorized into groups and given
the
> right level of access instead of creating proxy table entries,
> targetParamTable entries & targetAddrTable entries for each user. It is
not
> a big problem but we feel there might be a better way that avoids too many
> entries in proxy and params table if we can somehow group users with same
> priviledges to access these proxies. Any ideas?

Other question, why would one define different users with same priviledges?

>
>
> For example, let us say we have one SNMPv1 snmp agent (call it msX) that
we
> want to use proxy forwarder for. The relevant table entry for User A to
> access this SNMP agent with read priviledges are given below. This is for
> one user. Do we have to define for each user similar entries in each of
> these tables or can we specify a group of users. In the books we have read
> so far, the TargetParamsSecurityName is defined as "the Principal on whose
> behalf SNMP messages will be generated". Can the "Principal" be a group
and
> if so how to define that group that have users who have access to proxy
snmp
> agents? The proxy forwarder code tries to match a security name with the
one
> in the request.
>

You will have to specify a user (principal) rather than a group, because you
need
to send the PDU on the behalf of a specific user. Which user should be
chosen
from a group, if only the group has been specified?

Best regards,
Frank

More information about the AGENTPP mailing list