[SNMP4J] Localized users and keys

Tjip Pasma tjip.pasma at ericsson.com
Fri Oct 31 09:01:45 CET 2008


Hi John

Localizing users requires you to use the method
"addUser(OctetString userName, OctetString engineID, UsmUser user)"
instead of the "addUser(OctetString userName, UsmUser user)" method that
more typically is used in examples and such.

However, to be able to use that method you need to know the authoritative
engineId before adding the user.
A manager application is thus required to make an engineId discovery
like this:
    byte[] engineId = snmp.discoverAuthoritativeEngineID(ipAddress, timeout);

When you need to communicate with a target you also need to define the
engineId first:
    target.setAuthoritativeEngineID(engineId);


Putting it all together gives you something like the following that you
need to add to your code.
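	....
	// Discover the agent's authoritative engine ID, then add the user
	// localized to that engine.
	byte[] engineId = snmp.discoverAuthoritativeEngineID(ipAddress, timeout);
	snmp.getUSM().addUser(new OctetString(securityName),
	        new OctetString(engineId), createUser(targetInfo));
	....
	// Bind the target to the same security name and engine ID.
	target.setSecurityName(new OctetString(securityName));
	target.setAuthoritativeEngineID(engineId);
	....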
	

I made an evaluation of this back in May, and this will allow you to
have the same security name deployed to different targets with different
passwords.
However, the disadvantage of this is that you lose some flexibility with
regards to hardware replacement and such.
In my case the manager application is running 24/7; if a target needs to
be replaced, then engineId will change for that target IP (since engineId
is based on MAC address in my case).
To make my manager application more robust to such changes, it was
decided to put up a system restriction restricting the security name to
be unique.

Hope this helps you....

Kind Regards
Tjip Pasma



-----Original Message-----
From: snmp4j-bounces at agentpp.org [mailto:snmp4j-bounces at agentpp.org] On
Behalf Of John Marks
Sent: 30 October 2008 21:25
To: snmp4j at agentpp.org
Subject: [SNMP4J] Localized users and keys

I have a similar question to one that was asked last May ("multiple
UsmUsers with identical security name") by Tjip Pasma.

In my case, I made sure that I created a new USM with
MPv3.createLocalEngineID() every time I created a session and added my
user to it. I also added the USM to SecurityModels, which I now think was
a mistake, since the latter is a singleton. Apparently, there can only
ever be one entry for USM in the SecurityModels internal table, since
USM.getID() always returns SECURITY_MODEL_USM. This also came up in
another thread from November '04 ("Strange problem with multithreaded
SNMPv3-Scan").

If localizing users is a way to get around all this, that would be great,
but I don't have a clue about how to do it.

Any suggestions would be greatly appreciated.
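
Added example, not code from either poster or from SNMP4J: the RFC 3414 key localization behind the thread's subject, showing that the password-derived key is hashed together with the authoritative engine ID, so one security name and password give a different key per engine and a key localized for an old engine ID stops matching once the ID changes. It uses only the JDK (Java 17+ for HexFormat); the class name and the two engine IDs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;

public class UsmKeyLocalization {
    // RFC 3414 A.2: stretch the password by hashing 1 MiB of its repetition,
    // giving the engine-independent master key Ku (SHA-1 variant).
    static byte[] passwordToKey(byte[] password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] block = new byte[64];
        int index = 0;
        for (int count = 0; count < 1048576; count += 64) {
            for (int i = 0; i < 64; i++) {
                block[i] = password[index++ % password.length];
            }
            md.update(block);
        }
        return md.digest();
    }

    // Localized key Kul = H(Ku || engineID || Ku): valid for one engine only.
    static byte[] localize(byte[] ku, byte[] engineId) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(ku);
        md.update(engineId);
        md.update(ku);
        return md.digest();
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of();
        byte[] ku = passwordToKey("maplesyrup".getBytes(StandardCharsets.US_ASCII));

        // Self-check against the published vector in RFC 3414 A.3.2.
        byte[] rfcEngineId = hex.parseHex("000000000000000000000002");
        String kul = hex.formatHex(localize(ku, rfcEngineId));
        if (!kul.equals("6695febc9288e36282235fc7151f128497b38f3f")) {
            throw new IllegalStateException("RFC 3414 vector mismatch: " + kul);
        }

        // Constructed engine IDs for one target before and after a hardware
        // swap, with the ID ending in the (constructed) MAC address.
        byte[] before = hex.parseHex("8000270f03001122334455");
        byte[] after = hex.parseHex("8000270f0300aabbccddee");
        System.out.println("old engine: " + hex.formatHex(localize(ku, before)));
        System.out.println("new engine: " + hex.formatHex(localize(ku, after)));
    }
}
```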

 

 
