HI, In the below, the comment "User validation is not possible with snmpv1 or v2c because they are only based in community's name." is not strictly valid. In a well planned deployment, each unique user identity (user name, security name, etc.) can be mapped to a unique value of the "community string" field. If you share user names, such as tell every one to use user "anonymous" (with passphrase "anonymous" for read-only access to core MIB objects, and to use user "operator" (with passphrase "secret") for read-only access to everything then you have the same security model as you have with community strings. That is, are "anonymous" and "operator" real user identities or roles?
But, "in the real world" perception is reality, so most people believe that community-based SNMP (SNMP-v1 & SNMPv2c) don't support user identities, and that user-based SNMP (SNMPv3) requires user identities. So, believe your own reality and be happy. At 10:30 AM 7/29/2004 -0300, Esteban Pizzini wrote: >On Thu, Jul 29, 2004 at 12:28:52PM +0000, agon EastDr wrote: >> in snmp v1,v2c, >> how can I limit a user access to a mib node? TO describe it more exactly is >> that I want one user has only the read access to a mib node, but another >> user has both read accesss & write access to the same mib node. in addition >> , sometimes, the 3rd user may be prohibited from accessing the same mib >> node(no read & write accesss rights). Is the standard snmpv1,v2c capable of >> doing this? If the snmp of v1/v2c can, how? >User validation is not possible with snmpv1 or v2c because they are only based in >community's name.. > >> >> if in v3, how can it be done? >In snmpv3 you can authentificate users and encrypt snmp message if you want.. >To do this with net-snmp, you have a quickly reference at >http://www.net-snmp.org/README.snmpv3.txt > >Esteban Regards, /david t. perkins ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Net-snmp-coders mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
