[AGENT++] Error returned in the SNMPV3 PDU

Shrikanth D shrikanthd23 at yahoo.com
Mon Dec 1 13:01:14 CET 2003 

Hi,

This is the behaviour that I observed when the security levels at the two entities are different.


MgrSecLev  AgentSecLev  AuthParams  	Result
---------  -----------  ----------  --------------------------

AuthPriv   AuthNoPriv   Anything   	REPORT_MSG
       		      (Invalid/Valid)  (Unsupported Security Level Counter)


AuthNoPriv  AuthPriv    Invalid   	REPORT MSG
           				(WrongDigest Counter)

  -do-       -do-       Valid   	Snmp.get() returns error code 16
			           	(Authorization error)

 

There is no consistency in the responses. 

For example, in the last case, perhaps there is no case of authorization

failure, just the security level is wrong, but a Authorization error is 

returned.

Is the above behaviour correct? 

Why isn't the security level checked right at the beginning and the error returned immediately.
Could you kindly explain this?

Thanks and regards,
Shrikanth

Frank Fock wrote:

Hi,I just want to add to Jochen's response, that the SNMP_ERROR_AUTH_ERRis returned by AGENT++ when the VACM denies access to a particular objectinstance.Regards,Frank FockJochen Katz wrote:> Hi,>>> I have a doubt about the manner in which the error is returned when a >> snmpV3 call is made.>>  >> Say for example if the manager issues a request to a agent with an >> incorrect security level,>>   ^^^^^^^^^^^^^^^^^^^^^^^^>> what exactly are you doing? Send an authPriv request using an user > that is only configured for authNoPriv at the agent? In this case you > should either receive a report with the "unsupported securityLevel" > counter or the local error code 1403 (also unsupported securityLevel) > while trying to encode the request.>> >  sometimes the error>>> SNMP_ERROR_AUTH_ERR         16 //!< Authentication failure>>  >> is returned by the call itself (by the snmp.get() method).>>> I don't think, that this error is returned without contacting the > agent, as SNMP_ERROR_AUTH_ERR
 is not used directly within snmp++.>>> But certain other times for the same error, the call is a success, >> but the PDU type is REPORT_MSG and the error has to be obtained by >> examining the Oid.>>>> Can you please explain what decides this behaviour.>>> Possibly two different agents?>> Regards,>   Jochen




---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.agentpp.org/pipermail/agentpp/attachments/20031201/b242e54f/attachment.htm

More information about the AGENTPP mailing list