Hi,

On your question about proxies, here goes from memory. The RFCs
go into mind-numbing detail...

First, thanks for updating the terminology. What the SNMP specs
say and what the code does (and what people generally say)
all coincide.

As to sending the same varBindList - in the SNMP specs, the
varBindList is the same (with one exception of dealing with
SNMPv1 to/from SNMPv2c/SNMPv3 for traps) coming to and going
out of a proxy.

As to the security issue, the specs say that only the "target
system" and not the proxy does authorization (access control)
of a request. The "point-to-point" authentication and integrity
on the path from the manager via one or more proxies to the
target are independent. That is, the target is not provided
with the identity of the original manager via the SNMP
protocol. A target cannot tell that a request has been
proxied! The administrative tables must be set up for
a "proxy chain" to occur. From the standpoint of the specs,
only the engineId, context, and varBindList from the PDU
are transferred "unaltered" from a manager to/from the target system.


DaveS asked... 
>    I was going to ask DavidP about this, but you might know - with
> the "pure" proxy forwarding approach, and an authenticated SNMPv3
> request - which agent is responsible for authenticating the request?
> The proxying (intermediate) agent, or the proxied (far end) agent?
> (This would also presumably affect things like the authoritative
> engine ID, and the boot count/time values)
> 

Regards,
/david t. perkins



_______________________________________________
Net-snmp-coders mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
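
A simplified model of the proxy behaviour described in the message above, added here as an illustration; it is not Net-SNMP code and not from the original poster. The `Engine` class, the user names and keys, the sample engine ID, and the use of HMAC-SHA-256 in place of the real USM authentication protocols are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class ScopedPDU:  # the part a proxy forwards unaltered
    context_engine_id: bytes
    context_name: str
    varbinds: tuple

@dataclass(frozen=True)
class Message:  # per-hop wrapper; simplified, not the real USM wire format
    security_name: str
    pdu: ScopedPDU
    mac: bytes

def _mac(key, user, pdu):
    # HMAC-SHA-256 stands in for the USM auth protocols (assumption)
    return hmac.new(key, repr((user, pdu)).encode(), hashlib.sha256).digest()

def secure(user, key, pdu):
    return Message(user, pdu, _mac(key, user, pdu))

class Engine:
    """Hypothetical SNMP engine: a proxy if next_hop is set, else the target."""
    def __init__(self, users, acl=None, next_hop=None, out_cred=None):
        self.users = users          # securityName -> key, valid on this hop only
        self.acl = acl or {}        # securityName -> allowed contexts (VACM stand-in)
        self.next_hop, self.out_cred = next_hop, out_cred
        self.seen = []              # what the target's audit trail can record

    def receive(self, msg):
        key = self.users.get(msg.security_name)
        expected = _mac(key or b"", msg.security_name, msg.pdu)
        if key is None or not hmac.compare_digest(msg.mac, expected):
            return "authenticationFailure"
        if self.next_hop:           # proxy: no access control, re-secure next hop
            return self.next_hop.receive(secure(*self.out_cred, msg.pdu))
        self.seen.append((msg.security_name, msg.pdu))
        allowed = msg.pdu.context_name in self.acl.get(msg.security_name, ())
        return "ok" if allowed else "authorizationError"

# Constructed sample data: two managers, one proxy, one target.
target = Engine({"proxy-user": b"hop2-key"}, acl={"proxy-user": {"router1"}})
proxy = Engine({"alice": b"a-key", "bob": b"b-key"},
               next_hop=target, out_cred=("proxy-user", b"hop2-key"))
pdu = ScopedPDU(b"\x80\x00\x1f\x88\x01", "router1", (("1.3.6.1.2.1.1.3.0", None),))
results = [proxy.receive(secure(u, k, pdu))
           for u, k in (("alice", b"a-key"), ("bob", b"b-key"))]
```

Both requests reach the target under `proxy-user` with the scoped PDU unchanged, so the target's access-control entries and its logs can only refer to the proxy's identity on that hop.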
