Wes Hardaker wrote:
>>>>>> On Mon, 24 Oct 2005 00:24:30 +0200, Thomas Anders <[EMAIL PROTECTED]>
>>>>>> said:
>
> Thomas> Is there a way to allow *all* SNMPv3/USM users to e.g.
> Thomas> "log,execute,net"? If there's not, then we'll effectively ruin
> Thomas> the advantages of snmptrapd usmUserTable management, won't we?
> Thomas> One can still add them on-the-fly, but not do anything with
> Thomas> them. :-(
>
> Correct. The VACM MIBs need extending to allow on the fly VACM
> management as well.

Eight months later we don't seem to be any closer to this. I still feel
there's a large gap between "disableAuthorization yes" (== pre-5.3 default
insecure behaviour) and this potential will-it-ever-happen per-user
on-the-fly access control management.

How do people think about filling the gap with something reasonable?
Without having looked into whether/how it could be done (yet), what about
something along the lines of

    authuser * log,execute,net authNoPriv

(i.e. allow something for *all* SNMPv3/USM users)? Of course this should
also cover USM users added via usmUserTable manipulations.

Comments?

+Thomas

-- 
Thomas Anders (thomas.anders at blue-cable.de)