[SNMP4J] snmp4j TestAgent example v3 trap configuration faulty ?

[ulrich berl]

Thanks for clarification !
 
br, Ulrich
 

Gesendet: Donnerstag, 12. Juli 2018 um 08:25 Uhr
Von: "Frank Fock" <fock at agentpp.com>
An: "ulrich berl" <ulrich.berl at gmx.net>
Cc: snmp4j at agentpp.org
Betreff: Re: [SNMP4J] snmp4j TestAgent example v3 trap configuration faulty ?
Hi Ulrich,

I was intended to test/illustrate how VACM security works for notifications and traps. Many users are not aware that SNMP4J-Agent checks the access rights for outgoing variable bindings of a trap.

The AgenPro configuration template does not contain this (intended) inconsistency. Nevertheless, even this template is not a ready to use configuration for a production deployment, because it uses standard passwords and may not match your security requirements, because SNMPv1 and v2c are enabled by default.

Best regards,
Frank


> On 11. Jul 2018, at 14:54, ulrich berl <ulrich.berl at gmx.net> wrote:
>
> Hi!
>
> I try to receive the v3 trap coldStartNotification from TestAgent sample.
>
> Using the TestAgent from test folder (2.6.3) i get the known vacm access denied error:
>
> Found group name 'v3group' for secName 'v3notify' and secModel 3
> Access denied by VACM for 1.3.6.1.6.3.1.1.5.1
>
> After inspecting the code i can see, that
>
> TargetParams for "v3notify" are set to NOAUTH_NOPRIV but VACM for "v3group" is set to AUTH_PRIV.
> User "v3notify" has no AUTH/PRIV params configured.
>
> Working configurations:
>
> setting group of v3notify to v3restricted (this group has NOAUTH_NOPRIV and allows reading 1.3.6.1.6.3.1.1.5.1)
>
> or
>
> for TargetParams of "v3notify" setting SecurityLevel to AUTH_PRIV and secName to "SHADES", so outgoing message will be encrypted
> (the usm user has to be configured in the manager application)
>
> Was this intentionally configured or i miss something ?
>
> br, Ulrich
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> https://oosnmp.net/mailman/listinfo/snmp4j