Re: access control and non-default contexts

Dave Shield wrote:
> It turns out that this change has also affected the default behaviour
> slightly. Up to now, these convenience directives have registered an
> entry in the vacmAccessTable with a prefix context match on "" - thus
> matching *ALL* contexts by default. Following my latest patches, the
> same directive would now register an *exact* context match on "" -
> thus applying to the default context only.
>
> I'm inclined to leave things as they stand - this feels a more secure
> arrangement, and is probably in line with default expectations. But
> it does result in a minor change in behaviour, so I wouldn't object if
> the consensus was to switch back to the previous, more open
> configuration.

One of the affected real-life scenarios is the management of snmptrapd's
usmUserTable as formalized in test #20 (which broke, but now has been
tweaked accordingly). I'm not sure it has seen wide-spread use other
than behind the curtains of the company I work for, though.


+Thomas

--
Thomas Anders (thomas.anders at blue-cable.de)

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=...057&dat=121642
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/...et-snmp-coders