>>>>> On Tue, 18 Oct 2005 10:31:34 +0800, "Chen Chang" <[EMAIL PROTECTED]> said:

Chen> We're planning to develop a new security model based on Public
Chen> Key Infrastructure (PKI) for SNMPv3, named PKISM. Could you give
Chen> us some advice?

Chen> 1. Is it feasible to use net-snmp to develop? That is, does net-snmp
Chen> support such extension?

Chen> 2. What are the most relevant files that we should look into?

You'll be happy to know that the SNMPv3 security module support for
net-snmp is quite extensible.  In fact, we designed it this way from
the beginning and made it even more so when we implemented the first
non-USM extension based on Kerberos (KSM).  I've used it since then to
do a reference implementation of SBSM, and lately another
toy-reference implementation of tunneling protocols (SSH) based on
local user credentials.  It's quite extensible such that you shouldn't
need to modify the base code at all to add in your extension.

The bad news is that it's not documented what is actually needed to
write one of these things.  It's mostly in my and a few other people's
heads.

Further info:

Run ./configure --help and look for --with-security-modules

Running it with --with-security-modules="pkism" for instance will
auto-check for and build snmplib/snmppkism.c, calling init_pkism() to
initialize your security model.

Examples to look at:
  snmplib/snmpusm.c            - SNMPv3/USM
                                 (actually spread over multiple other
                                 files too)
  snmplib/snmpksm.c            - Kerberos/SNMP
  snmplib/snmplocalsm.c        - accepts the user the app was run as
                                 (requires a transport that says this is ok)
                                 (this is only in main CVS too)

-- 
Wes Hardaker
Sparta, Inc.


_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
