[SNMP4J] Cannot change the snmp password remotely

Vilagut Abad, Roger rvilagut at indra.es
Wed Apr 17 13:58:14 CEST 2013 

Hello,

In order to remotely change the authentication password of a user I do the following steps:


1.       Get the usmUsrSpinLock.0 and save in sValue

2.       I obtain the old key of the user whose password I want to change as follows:
byte[] oldKey = snmp.getUSM().getUser(engineId, new OctetString(user)).getUsmUser().getAuthenticationPassphrase();

3.       Then I generate the new key as follows:

byte[] newKey = SecurityProtocols.getInstance().passwordToKey(AuthMD5.ID, new OctetString(newPassword), engineId.toByteArray());

4.       Then I generate the key change value as follows:

byte[] keyChange = new AuthMD5().changeDelta(oldKey, newKey, random.getBytes());

5.       And finally I do a SET to the usmUserTable:

SET(usmUserSpinLock.0=sValue, usmUserAuthKeyChange=keyChange, usmUserPublic=random)

When I read the usmUserTable MIB table after the SET I can see the random value in the usmUserPublic column, however when I do a request using the new password the agent responds that the password is not correct.

Am I missing something in the password change procedure? I have tried to follow the procedure described in RFC 3414 (KeyChange).

Best regards,
Roger Vilagut Abad

________________________________
Este correo electr?nico y, en su caso, cualquier fichero anexo al mismo, contiene informaci?n de car?cter confidencial exclusivamente dirigida a su destinatario o destinatarios. Si no es vd. el destinatario indicado, queda notificado que la lectura, utilizaci?n, divulgaci?n y/o copia sin autorizaci?n est? prohibida en virtud de la legislaci?n vigente. En el caso de haber recibido este correo electr?nico por error, se ruega notificar inmediatamente esta circunstancia mediante reenv?o a la direcci?n electr?nica del remitente.
Evite imprimir este mensaje si no es estrictamente necesario.

This email and any file attached to it (when applicable) contain(s) confidential information that is exclusively addressed to its recipient(s). If you are not the indicated recipient, you are informed that reading, using, disseminating and/or copying it without authorisation is forbidden in accordance with the legislation in effect. If you have received this email by mistake, please immediately notify the sender of the situation by resending it to their email address.
Avoid printing this message if it is not absolutely necessary.

More information about the SNMP4J mailing list