> in snmp v1/v2 implemention,
> how can I limit a user access to a mib node?
The first thing to realise is that SNMPv1/2c has no concept of
"users". It purely works in terms of a "community string".
If two different people use the same community string,
then they'll be treated in exactly the same way.
If they use different community strings, then they
can be treated differently. (Well, mostly!)
> I want one user has only the read access to a mib node, but another
> user has both read accesss & write access to the same mib node.
The simplest approach would be something like:
rocommunity 1ststring
rwcommunity 2nsstring
If the first person is told to use the community string
"1ststring", then they'll have read access to the MIB object.
If the second person is told to use the community string
"2ndstring", then they'll have both read and write access
to the MIB object.
(in fact, this will apply to *all* MIB objects).
> in addition, sometimes, the 3rd user may be prohibited from
> accessing the same mib node(no read & write accesss rights).
If the third person doesn't know either community string,
then they won't be able to access the MIB object.
That's the basic idea.
It's possible to refine things slightly - to apply these
checks to a subset of the overall MIB tree, or to take
into account the machine (or network) that a particular
request comes in from.
But it's probably best to start from this initially.
The most important idea to grasp is that SNMPv1/2 security
works with the community string, not the "user" sending
the request.
Dave
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id�040&op=click
_______________________________________________
Net-snmp-coders mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
