[AGENT++] More on Community/Security Name?

Mr. AWD mrawd at excite.com
Mon Aug 9 20:56:24 CEST 2004


--- On Mon 08/09, Jochen Katz < katz at agentpp.com > wrote: 
>> Then, where is that “public” string defined when you have SNMPv3
>> enabled and V1 or V2 request is sent to it?
>
> it's nowhere defined, if SNMPv3 is enabled, the VACM is used to decide 
> if v1/v2c requests are allowed.

Good, since that is what I was doing as well!

>> Basically, I am trying to
>> give potential users ability to change the community string to
>> something else but “public”,
>
> So you have to configure the SecurityToGroupTable of the VACM either 
> through SNMP or through (from atm-mib example):

> vacm->addNewGroup(SecurityModel_v2, "public",
> "v1v2group", storageType_nonVolatile);
> vacm->addNewGroup(SecurityModel_v1, "public",
> "v1v2group", storageType_nonVolatile);
> vacm->deleteGroup(...)

That is the main problem. If I change those “public” strings to something else (let's say for the sake of the discussion “private”), then the agent responds to the request sent with the community string set to “private”. But, if you still send a request with community string set to “public”, it goes through and gets answered as well.

That is why I was asking about the potential other place where “public” gets defined, since agent accepts the requests with them. That is also where constructor (which is not used as you said once you define SNMPv3) of the RequestList class comes into the game since that is the only place where I can see that defined. 

>> but even by changing the security name
>> to something else, “public” one still remains in there. Is that the
>> correct behavior or maybe a possible bug in the agent?
>
> If you remove the two lines with "public" from 
> examples/atm_mib/src/agent.cpp it will no longer answer v1/v2c requests.

Yes, but I am trying to accommodate my customers that are not willing to use complexity of the SNMPv3 framework and since they are only using SNMP agent inside the firewall, V2 security is enough for their needs. My goal is to create only one version of the agent and just change the configuration of it during the startup time. If V2 is specified only lines like two that you have above will be used for the creation and no V3 Groups will be added. For those that want full security, configuration file (one that I am creating right now) will specify only V3 users and their appropriate credentials and those will be used at the startup.

This is all in order to avoid having multiple executables, and multiple sets of testing for different agents.

Thanks Jochen!


Fedja
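
Added example (not from the original post or from AGENT++): a stand-alone C++ model of the SecurityToGroupTable lookup discussed above, assuming, as in the quoted reply, that the community string is used as the security name. It shows that adding rows for a new community leaves existing rows in place until they are deleted, and audits for v1/v2c names outside an allow-list; the class and function names are hypothetical.

```cpp
#include <algorithm>
#include <map>
#include <string>
#include <vector>

// Security model numbers: SNMPv1 = 1, SNMPv2c = 2, USM (SNMPv3) = 3.
enum SecModel { kV1 = 1, kV2c = 2, kUsm = 3 };

// Stand-alone model of vacmSecurityToGroupTable (RFC 3415). This is NOT the
// AGENT++ Vacm class; all names here are hypothetical.
class SecurityToGroupModel {
public:
    using Key = std::pair<int, std::string>;  // (securityModel, securityName)
    void addRow(SecModel m, const std::string& name, const std::string& group) {
        rows_[Key(m, name)] = group;
    }
    bool deleteRow(SecModel m, const std::string& name) {
        return rows_.erase(Key(m, name)) == 1;
    }
    // A request reaches the access check only if its pair maps to a group.
    bool hasGroup(SecModel m, const std::string& name) const {
        return rows_.count(Key(m, name)) != 0;
    }
    // Audit: v1/v2c rows not on the allow-list, reported as "<model>:<name>".
    std::vector<std::string> unexpectedCommunities(
            const std::vector<std::string>& allowed) const {
        std::vector<std::string> out;
        for (const auto& row : rows_) {
            const Key& k = row.first;
            if (k.first == kUsm) continue;
            if (std::find(allowed.begin(), allowed.end(), k.second) == allowed.end())
                out.push_back(std::to_string(k.first) + ":" + k.second);
        }
        return out;
    }
private:
    std::map<Key, std::string> rows_;
};

// Constructed scenario: rows for "public" are already present when rows for
// "private" are added; nothing removes the older rows.
SecurityToGroupModel staleRowScenario() {
    SecurityToGroupModel t;
    t.addRow(kV1, "public", "v1v2group");
    t.addRow(kV2c, "public", "v1v2group");
    t.addRow(kV1, "private", "v1v2group");
    t.addRow(kV2c, "private", "v1v2group");
    return t;
}
```

Running the audit with the intended community list at startup, before the agent starts answering requests, reports any leftover v1/v2c rows by model and name.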





