[AGENT++] how to change default community?

Jungsu Byun jsbyun at samsung.com
Thu Dec 28 06:22:35 CET 2006 

Frank, 
Thanks for your help, and quick response.
But, I need more help...


 > 3) I  want to disable default community string 'public/public' because 
> of securyti problem,
> 
> and add  user define string ( ex: community/community )
> 
> How can I do?

When there is no SNMP-COMMUNITY-MIB, AGENT++ directly uses the security name
as community. As mentioned above, this approach is not supported by the
SNMPv3 standard, but it provides a convenient approach for backward
compatibility without reducing security.

So if your agent accepts "public" community, then watch out for a "public"
security name with SNMPv1/v2c view and then change that security name. Hope
this helps.

=> Because of my poor understanding of AGENT++ , I can't understand what you
mean "watch out for a "public" security name with SNMPv1/v2c view and then
change that security name".

I just made a our product MIB and generated source using 'agentpro2' then
compiled and used our agent.
What I changed things in the agent++/snmp++  library is turned on
_NO_LOGGING_' option only.

Which code in agent++/snmp++ , should I change?
Please let me know.


Thanks in advance,

Best Regards
Jungsu

-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com] 
Sent: Thursday, December 28, 2006 3:52 AM
To: Jungsu Byun
Cc: 'Jochen Katz'; agentpp at agentpp.org
Subject: Re: [AGENT++] how to change default community?

Jungsu,

Jungsu Byun wrote:
> Thanks for your quick response, But I still have a problem. 
> 1) I turned on 'SNMPv3' when compile agent++ library,
> 
> but I don't use SNMP-COMMUNITY-MIB
> 

Although AGENT++ supports your approach, it is not 100% SNMPv3 standard
conform. Besides less flexibility for the end-user, I see no drawback with
your approach.
Rather than, your "light-weight" approach requires less configuration.

>  
> 
> 2) RequestList::set_read/write_community functions
> 
> doesn't work, because I turned on 'SNMPv3' option.
> 

Yes, that is the consequence of turning on SNMPv3.
But no problem, see below...

>  
> 
> 3) I  want to disable default community string 'public/public' because 
> of securyti problem,
> 
> and add  user define string ( ex: community/community )
> 
> How can I do?

When there is no SNMP-COMMUNITY-MIB, AGENT++ directly uses the security name
as community. As mentioned above, this approach is not supported by the
SNMPv3 standard, but it provides a convenient approach for backward
compatibility without reducing security.

So if your agent accepts "public" community, then watch out for a "public"
security name with SNMPv1/v2c view and then change that security name. Hope
this helps.

Best regards,
Frank

> 
>  
> 
> Best Regards.
> 
> JS
> 
>   
> 
> -----Original Message-----
> From: agentpp-bounces at agentpp.org [mailto:agentpp-bounces at agentpp.org] 
> On Behalf Of Jochen Katz
> Sent: Saturday, December 23, 2006 1:31 AM
> To: agentpp at agentpp.org
> Subject: Re: [AGENT++] how to change default community?
> 
> Hi,
> 
>> I am developing , agenpro2 base SNMP agent.
>> It uses default community   public  / public .
>>  
>> I wanna change default community of agent.
>>  
>> Where can I change default community stfing?
> 
> if you use snmp community mib, just configure the desired mapping; 
> from atm_mib example:
> 	// add SNMPv1/v2c community to v3 security name mapping
> 	OctetStr co("public");
> 	MibTableRow* row = snmpCommunityEntry::instance->
> 	    add_row(Oidx::from_string(co, FALSE));
> 	OctetStr tag("v1v2cPermittedManagers");
> 	snmpCommunityEntry::instance->
> 	    set_row(row, co, co,
> 		    reqList->get_v3mp()->get_local_engine_id(),
> 		    "", tag, 3, 1);
> 
> If you disabled SNMPv3, you can use
> RequestList::set_read/write_community functions.
> 
> Regards,
>   Jochen
> 
> 
> _______________________________________________
> AGENTPP mailing list
> AGENTPP at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/agentpp
> 
> 
> _______________________________________________
> AGENTPP mailing list
> AGENTPP at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/agentpp

-- 
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com

More information about the AGENTPP mailing list