usmAddUserName v usmAddUser
Frank Fock
Frank.Fock____t-online.de
Tue Sep 24 08:54:32 CEST 2002
>
> You or Jochen might want to consider having the function return an error
> for idiots like me.
>
I think the problem is, that the function is "generic" and is
supposed to work with other authentication protocols as well.
Nevertheless, I will have a look...
> And my second defense is that it isn't obvious that "unknown securityName"
> really means "you're a twit who didn't pass me a key with the right length"
>
> :-)
>
Accepted! I often had the same problem, but returning a
very precise error message to the (end-)user in this case
is also subject to security considerations and is AFAIK
predetermined by the SNMPv3 RFCs.
>
>>Please localize the passwords with the remote engine ID
>>(MD5 hash password+engineID+padding) with apPasswordToKeyMD5
>>first.
>>
>
>
> Actually, I can't do that; these keys are derived in a way that's
> completely different from normal SNMPv3 -- there are no passwords involved
> at all. That's why I need to call the localized function directly instead
> of simply adding a usm user by passing ordinary passwords.
>
Are you trying to implement Diffie Hellman Key Exchange?
>
>>Hope this helps (finally ;-)
>>
> I'll tell you after I've stopped kicking myself :-)
>
:-)
> Doc
>
> PS Of course, what you meant to say (I think) was "a length of 16 octets".
> I just note that in case your message confuses someone else.
>
Yes, of course. The final key for MD5 is 16 bytes and computed from
64 bytes password+engineID+padding.
Cheers,
Frank
More information about the AGENTPP
mailing list