Hi,
I have two proposals for the snmpusnm.
First, with the current snmpusm implementation you cannot clone
a user with a different engineID than the template, for instance, if you
use:
./snmpusm -v 3 -u Admin -l authPriv -a SHA -A Test1 -x AES -X Test1
localhost -CE 0x80001F8804686F6C61 create Test TemplateAuthPriv
The application will look for a template with the engineID that
is supplied in the command line. This prevents to create users to send
informs from an agent localized template since this inform users have to
be created with the NM engine ID. So my first proposal for this is to
modify the snmpusm to always look for an agent localized template and
then clone the user using the engineID supplied in the command line.
Second, after cloning this user, all the privacy information is
copied to the new user. This means that the new cloned user will end up
with a priv/auth key localized to the agent when his engineID is not the
agent engineID. With the current implementation the snmpusm doesn't
consider this when creating the changeKey for this user. The deltaKey is
generated from the old passphrase using the engineID provided with the
-CE option when the delta key has to be calculated using the
oldpassphrase and the agent engineID for this case.
My proposal for this is to add a new option to the snmpusm
application. This new option will indicate, when changing passphrases,
to use the agent engineID to localize the old passphrase and then to use
the engineID provided in the command line to localize the new
passphrase. Using this, the changeKey value will be correctly
calculated. E.g
./snmpusm -v 3 -u Admin -l authPriv -a SHA -A Test1 -x AES -X Test1
localhost -Ce 0x80001F8804686F6C61 passwd template Test1 Test
(template is the TemplateAuthPriv user, the new option is "-Ce")
I'm attaching the proposed patch for snmpusm. The version I'm
comparing to is 5.3.0.1
Thanks,
Pablo
snmpusm.patch
Description: snmpusm.patch
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
