I've checked in a working version of the snmptrapd authorization
stuff. There is bit more to do (like, uh, documentation) but it does
work. Since there isn't documentation I'll give some example
snmptrapd.conf file tokens to use:
# include everything
view anything included .1.3
# exclude coldstart
view anything excluded .1.3.6.1.6.3.1.1.5.1
# standard vacm stuff works
com2sec communities localhost public
group limitedgroup v2c communities
# new access line to tie the above to the "log" access type
setaccess limitedgroup "" v2c noAuthNoPriv prefix log anything
# these let the "secret" community log and execute things
com2sec seccoms localhost secret
group secgroup v2c seccoms
setaccess secgroup "" v2c noAuthNoPriv prefix log anything
setaccess secgroup "" v2c noAuthNoPriv prefix execute anything
# wrapper scripts to let xyzzy community log and execute
ipv4logcommunity -v execute xyzzy
Still needed:
- docs (tomorrow)
- more tests for failure cases and other stuff
- someone to test unix transports for traps and normal SNMP ops. I
didn't test it but I could have done something to it.
- proper passing around of prototypes
- much debate over something. you pick. token names. That ugly -v
flag. the fact that we need a ipv4allcommunity and related
tokens. surprise me.
--
Wes Hardaker
Sparta, Inc.
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
