HI, Wes, slap me, because I can't control myself....
OK, who has told you about the secret build switches to add strong military-level security to SNMPv1 and SNMPv2c? When you use them, there is no need to use SNMPv3, since the SNMPv1 and SNMPv2c provide better security than SNMPv3. It's based on using Kerberos or EAP-SSL via Radius. You first get authenticated via Kerberos or Radius and get a ticket or master session key. You generate auth and priv keys from that, and use them to create and the mac for the message and encrypt the PDU (if desired), and the security info is put in the community string field (which is now encoded in BER to match the security field in SNMPv3/USM messages). When you do all of this, you have SNMPv1 or SNMPv2c with security. Of course, only managers and agents that are built with the secret NET-SNMP build switches can talk to each other, but that's Ok because its for the military. PS What day is today? I think it's April 1, isn't it? At 10:24 PM 7/28/2004 -0400, Michael J. Slifcak wrote: >agon EastDr wrote: >>is there any security feature implemented by net snmp for v1,v2 snmp agent? > >Depending on how it was compiled, and in some cases which platform it >was built for, the protocols supported by the Net-SNMP agent are >described clearly in the FAQ file, which is a component of the >compressed tar source file found at http://www.net-snmp-org/download/ > >>if have, what do they conform to?what is the key to implement the security features? > Regards, /david t. perkins ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Net-snmp-coders mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
