[SNMP4J] Multiple SNMPv3 trap senders
Adam Brons
abrons at us.ibm.com
Fri Oct 27 17:41:53 CEST 2006
Thanks for the response Frank. I've spent the morning reading the RFCs
on SNMP and SNMPv3. I feel a lot more enlightened, but still have some
questions.
For instance I'm not sure if I completely follow your localized statement.
Specifically, "the user name is bound to a specific engine ID and
therefore the user name must not be globally unique".
Here's a bit more background as to what I'm trying to do. We have an
existing product that received SNMP Trap and INFORM messages. The product
requires that the user predefine the v3 username, password, password
encryption, privacy encryption, and privacy passphrase for each sending SNMP
agent. It does not require the user to enter the authoritative engine ID
though. This product uses SNMP++ and I see that the USM::add_usm_user
does not require an engine ID.
I've been tasked with converting this application to Java and I've chosen
SNMP4J as the SNMP library. What I'm kinda boggled over is how the
product would have ever worked properly if it does not require the engine
ID. According to the RFCs and my poking around in the SNMP4J source I
see that the UsmUserTable indexes (assuming unique constraint) the table
by (engine ID + UsmUserName). So if the user defined two SNMP agents
using the same UsmUserName and assuming that engine ID == "" wouldn't this
cause a problem if the authentication protocol, privacy protocol, and
associated passphrases are different?
What I'm proposing with the conversion to Java is that we start requiring
that the engine ID be defined as part of the SNMP agent definition.
Thanks for any help in advance,
Adam Brons
TSOM Software Engineer
IBM Tivoli Software
Frank Fock <fock at agentpp.com>
10/26/06 07:23 PM
To: Adam Brons/Atlanta/IBM at IBMUS
cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] Multiple SNMPv3 trap senders
Hi Adam,
with SNMP4J you can use localized USM users and non localized
USM users. When using localized USM users, the user name is
bound to a specific engine ID and therefore the user name
must not be globally unique.
Also note, that the trap sender is the authoritative entity.
For more information on these concepts, please refer to the
SNMPv3 RFCs.
Best regards,
Frank
Adam Brons wrote:
> I'm currently developing a SNMP Manager of sorts. Where people can
> configure the manager to listen for SNMPv3 trap messages from several
> sources. Each of these sources will most likely be a separate workstation
> and may have separate IT staff managing it. I've read through the javadoc
> for USM UsmUser and so forth and am wondering what should be done if
> two sources supply the same username? I'm assuming the UsmUserTable is
> basically a hashmap of sorts so I have to have unique user names. I've
> toyed with the idea of using EngineID in combination with the username,
> but I was wondering if there's something else I could use.
>
> Another question was how to require a certain level of authentication and
> privacy protocol? If I wanted to drop a SNMP trap because it has a lesser
> authentication protocol, would this be done via the
> CommandResponder.processPDU() method?
>
> I am providing links to mailing list archives which I found to be similar
> in nature.
> http://lists.agentpp.org/pipermail/snmp4j/2005-July/000587.html
> http://lists.agentpp.org/pipermail/snmp4j/2005-June/000545.html
>
> Thanks - in advance.
>
> Adam Brons
> TSOM Software Engineer
> IBM Tivoli Software
--
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
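
An added illustration, not part of the thread and not SNMP4J or SNMP++ code: the RFC 3414 key localization that binds a USM user to one engine ID, plus a user table keyed by (engine ID, user name) as discussed above. The `UserTable` class, its reject-on-duplicate behaviour, the engine IDs and the passphrases are all constructed for this sketch.

```python
import hashlib

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated out to 1,048,576 bytes (Ku)."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: localized key Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

class UserTable:
    """Hypothetical stand-in for a USM user table keyed by (engineID, userName)."""
    def __init__(self):
        self._entries = {}

    def add(self, engine_id: bytes, user: str, hash_name: str, password: bytes):
        key = (engine_id, user)
        if key in self._entries:  # assumption: duplicates are rejected, not overwritten
            raise KeyError(f"duplicate {user!r} for engine {engine_id.hex() or '<empty>'}")
        ku = password_to_key(password, hash_name)
        self._entries[key] = (hash_name, localize_key(ku, engine_id, hash_name))

    def lookup(self, engine_id: bytes, user: str):
        return self._entries.get((engine_id, user))

# Constructed sample data: two trap senders that both chose the name "trapuser".
ENGINE_A = bytes.fromhex("8000000001020304")
ENGINE_B = bytes.fromhex("8000000005060708")

def demo():
    without_ids, with_ids = UserTable(), UserTable()
    # Engine ID left empty for both senders: the second definition collides.
    without_ids.add(b"", "trapuser", "md5", b"sender-A-passphrase")
    try:
        without_ids.add(b"", "trapuser", "sha1", b"sender-B-passphrase")
        collided = False
    except KeyError:
        collided = True
    # Engine ID required per sender: same name, different protocols and keys coexist.
    with_ids.add(ENGINE_A, "trapuser", "md5", b"sender-A-passphrase")
    with_ids.add(ENGINE_B, "trapuser", "sha1", b"sender-B-passphrase")
    return collided, with_ids.lookup(ENGINE_A, "trapuser"), with_ids.lookup(ENGINE_B, "trapuser")

if __name__ == "__main__":
    print(demo())
```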