[SNMP4J] Multiple SNMPv3 trap senders

Adam Brons abrons at us.ibm.com
Fri Oct 27 17:41:53 CEST 2006


Thanks for the response Frank.  I've spent the morning reading the RFCs
on SNMP and SNMPv3.  I feel a lot more enlightened, but still have some
questions.

For instance I'm not sure if I completely follow your localized statement.
Specifically, "the user name is bound to a specific engine ID and
therefore the user name must not be globally unique".

Here's a bit more background as to what I'm trying to do.  We have an
existing product that receives SNMP Trap and INFORM messages.  The product
requires that the user predefine the v3 username, password, password
encryption, privacy encryption, and privacy passphrase for each sending SNMP
agent.  It does not require the user to enter the authoritative engine ID
though.  This product uses SNMP++ and I see that the USM::add_usm_user
does not require an engine ID.

I've been tasked with converting this application to Java and I've chosen
SNMP4J as the SNMP library.  What I'm kinda boggled over is how the
product would have ever worked properly if it does not require the engine
ID.  According to the RFCs and my poking around in the SNMP4J source I
see that the UsmUserTable indexes (assuming unique constraint) the table
by (engine ID + UsmUserName).  So if the user defined two SNMP agents
using the same UsmUserName and assuming that engine ID == "" wouldn't this
cause a problem if the authentication protocol, privacy protocol, and
associated passphrases are different?

What I'm proposing with the conversion to Java is that we start requiring 
that the engine ID be defined as part of the SNMP agent definition. 

Thanks for any help in advance, 

Adam Brons
TSOM Software Engineer
IBM Tivoli Software




Frank Fock <fock at agentpp.com>
10/26/06 07:23 PM

To: Adam Brons/Atlanta/IBM at IBMUS
cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] Multiple SNMPv3 trap senders

Hi Adam,

with SNMP4J you can use localized USM users and non-localized
USM users. When using localized USM users, the user name is
bound to a specific engine ID and therefore the user name
must not be globally unique.

Also note, that the trap sender is the authoritative entity.

For more information on these concepts, please refer to the
SNMPv3 RFCs.

Best regards,
Frank

Adam Brons wrote:
> I'm currently developing an SNMP Manager of sorts.  Where people can
> configure the manager to listen for SNMPv3 trap messages from several
> sources.  Each of these sources will most likely be a separate
> workstation and may have separate IT staff managing it.  I've read
> through the javadoc for USM UsmUser and so forth and am wondering what
> should be done if two sources supply the same username?  I'm assuming
> the UsmUserTable is basically a hashmap of sorts so I have to have
> unique user names.  I've toyed with the idea of using EngineID in
> combination with the username, but I was wondering if there's something
> else I could use.
>
> Another question was how to require a certain level of authentication
> and privacy protocol? If I wanted to drop a SNMP trap because it has a
> lesser authentication protocol, would this be done via the
> CommandResponder.processPDU() method?
>
> I am providing links to mailing list archives which I found to be
> similar in nature.
>   http://lists.agentpp.org/pipermail/snmp4j/2005-July/000587.html
>   http://lists.agentpp.org/pipermail/snmp4j/2005-June/000545.html
>
> Thanks - in advance.
>
> Adam Brons
> TSOM Software Engineer
> IBM Tivoli Software

-- 
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
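
An added illustration, not part of the original thread and not SNMP4J or SNMP++ code: a simplified Python model of a trap receiver's user table indexed by (authoritative engine ID, user name), with authentication keys localized per RFC 3414 (Kul = H(Ku || engineID || Ku)). The class and function names, the second engine ID and its passphrase are assumptions; the first engine ID and passphrase are the sample values from RFC 3414 appendix A.3.

```python
import hashlib

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest 1 MiB of the repeated passphrase to get Ku."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): the key is valid for one engine only."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

class UserTable:
    """Hypothetical receiver-side store keyed by (engine ID, user name)."""

    def __init__(self):
        self._users = {}

    def add(self, engine_id: bytes, name: str, algo: str, auth_pass: bytes):
        key = (engine_id, name)
        if key in self._users:
            # Same name under the same engine ID cannot hold a second
            # set of credentials: refuse instead of silently overwriting.
            raise KeyError(f"duplicate {name!r} for engine {engine_id.hex()}")
        ku = password_to_key(auth_pass, algo)
        self._users[key] = (algo, localize(ku, engine_id, algo))

    def lookup(self, engine_id: bytes, name: str):
        # engine_id is the authoritative engine ID carried in the received
        # trap; the trap sender is the authoritative entity.
        return self._users.get((engine_id, name))

# Constructed sample data: two senders that both use the name "trapuser".
ENGINE_A = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 engine ID
ENGINE_B = bytes.fromhex("8000000001020304")          # made-up engine ID

table = UserTable()
table.add(ENGINE_A, "trapuser", "md5", b"maplesyrup")
table.add(ENGINE_B, "trapuser", "sha1", b"another-passphrase")

if __name__ == "__main__":
    for eng in (ENGINE_A, ENGINE_B, b""):
        print(eng.hex() or "(empty engine ID)", table.lookup(eng, "trapuser"))
```

In this model, two senders defined with the same user name and an empty engine ID map to the same key, so the second definition is rejected rather than stored alongside the first.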




