RE: General security usage question

This is a discussion on RE: General security usage question within the SNMP Users forums, part of the Networking and Network Related category; Thanks Dave - that would make our configuration much easier. I had only tested the "rocommunity" with a community ...


Go Back   Usenet Forums > Networking and Network Related > SNMP Users

Reload this Page RE: General security usage question

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 01-22-2008
McGowen, Wendy
 
Posts: n/a
Default RE: General security usage question
Thanks Dave - that would make our configuration much easier. I had only
tested the "rocommunity" with a community string, didn't realize that
you could add a source [hey, Wendy, read all of the doc next time! ;-) ]

I've changed the IP table in my MIB since I sent it to the list, based
on the feedback about IP and MIB-II information (thanks again for that!)
- we're now returning some physical information (including MAC address,
only for a consistent way to identify the NIC), along with our
definition of 'operational status' and 'link status'. I've removed all
of the IP address information.

~ Wendy

Hope your chamber music "marathon" went well!

-----Original Message-----
From: Dave Shield [mailto:D.T.Shield@liverpool.ac.uk]
Sent: Monday, January 21, 2008 6:53 AM
To: McGowen, Wendy
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: General security usage question



> it would be much easier to set up the configuration mechanism for
this:
> rocommunity <community string to be entered by user>
> than for the more robust (and secure) "community name mapped to
security
> name mapped to group name mapped to view mapped to access rights"
> method.

But that's exactly what "rocommunity" does.
It's just that all the processing is handled under the hood - you don't
see
the details unless you actually look at the VACM tables.

So what you really need to support are the two formats:

rocommunity <string>
and
rocommunity <string> <source>

That would give you the two styles of access control that you've
mentioned, without having to worry about the complexity of the
full com2sec/group/view/access mechanism.

Dave

PS: No - I haven't forgotten about the MIB review I promised.
It's just been a busy couple of weeks!

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/...net-snmp-users
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 12:09 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0