[SNMP4J] SNMPv3 Key Localization (repost)

Smith, Gary Gary.Smith at flukenetworks.com
Thu Dec 3 10:14:02 CET 2009 

Hi Frank

 

Sent this a few days back but have seen no response, it may well be that
I just need to read up more on the topic but the sample code is in
error:

 

I'm a little confused by SNMPv3 Key Localization and your example:

 

https://server.oosnmp.net/confluence/pages/viewpage.action?pageId=144180
0

 

snmp.getUSM().addLocalizedUser(engineID, sharedUserName,

    AuthMD5.getID(), new OctetString("md5Passphrase"),

    PrivDES.getID(), new OctetString("desPassphrase"));

 

 

In the example you call USM.addLocalizedUser(...) with OctetString
passphrases for auth & priv but as I understand the method these should
be byte[] passkeys.  And, indeed, the sample code will not compile.

 

These passphrases should be converted to passkeys.  I'm assuming this
should _not_ be by adding a simple getValue() (because how do I get
passkeys if not from passphrases), so should I instead be using

 

snmp.getUSM().addLocalizedUser(engineID, sharedUserName,

    AuthMD5.ID, 

    SecurityProtocols.getInstance().

        passwordToKey(AuthMD5.ID,new OctetString("md5Passphrase"),
engineID),

    PrivDES.ID, 

    SecurityProtocols.getInstance().

        passwordToKey(PrivDES.ID,AuthMD5.ID,new
OctetString("desPassphrase"), engineID));

 

 

My usage scenario is essentially a poller where agents can possibly have
duplicate usernames but that passphrases for the same username may be
different per agent.  (Maybe I shouldn't be thinking in terms of
localised keys at all?)

 

 

Regards

 

Gary



Please be advised that this email may contain confidential information.
 If you are not the intended recipient, please do not read, copy or
re-transmit this email.  If you have received this email in error,
please notify us by email by replying to the sender and by telephone
(call us collect at +1 202-828-0850) and delete this message and any
attachments.  Thank you in advance for your cooperation and assistance.

In addition, Danaher and its subsidiaries disclaim that the content of
this email constitutes an offer to enter into, or the acceptance of, 
any
contract or agreement or any amendment thereto; provided that the
foregoing disclaimer does not invalidate the binding effect of any
digital or other electronic reproduction of a manual signature that is
included in any attachment to this email.

More information about the SNMP4J mailing list