Hi,

I have a question related to the usm_check_secLevel function and RFC3414. In RFC3414, section 3.2 point 5 states:

   5) If the information about the user indicates that it does not support the securityLevel requested by the caller, then the usmStatsUnsupportedSecLevels counter is incremented and an error indication (unsupportedSecurityLevel) together with the OID and value of the incremented counter is returned to the calling module.

The usm_check_secLevel() checks if the user in the USM table has at least the security level that is in the packet. So, for instance, if you have an authPriv user in the USM table and a packet with that user arrives with noAuthNoPriv, the agent is not discarding the packet.

My question is, is this a correct interpretation of the RFC? Or would the correct action be to compare the security levels and, if those don't match, discard the packet? (In the latter case the packet shall arrive with exactly the same security level as the user in the USM table.)

I look forward to hearing your opinions on this.

Thanks,
Pablo

_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
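
Added example (not part of the original post, and not Net-SNMP's code): a simplified C model of the two readings of step 5 that the post contrasts, "at least" versus "exact match". The struct, the function names and the sample users are hypothetical; "reject" stands for incrementing usmStatsUnsupportedSecLevels and returning unsupportedSecurityLevel.

```c
#include <stdio.h>

/* SnmpSecurityLevel values (RFC 3411 textual convention). */
enum sec_level { NOAUTH_NOPRIV = 1, AUTH_NOPRIV = 2, AUTH_PRIV = 3 };

/* Hypothetical, simplified USM user entry: only what the check needs. */
struct usm_user_model {
    const char *name;
    int has_auth_key;   /* authentication protocol and key configured */
    int has_priv_key;   /* privacy protocol and key configured */
};

/* Constructed sample users for the demonstration. */
static const struct usm_user_model SAMPLE_AUTHPRIV = { "authpriv_user", 1, 1 };
static const struct usm_user_model SAMPLE_AUTHONLY = { "auth_user", 1, 0 };

/* Highest level the user can satisfy. Privacy without authentication is
 * not a valid SNMPv3 level, so a priv key alone does not raise the level. */
static enum sec_level user_max_level(const struct usm_user_model *u)
{
    if (u->has_auth_key && u->has_priv_key) return AUTH_PRIV;
    if (u->has_auth_key) return AUTH_NOPRIV;
    return NOAUTH_NOPRIV;
}

/* Reading A ("at least"): accept when the user can satisfy the level
 * carried in the message. Returns 0 to continue, -1 to reject. */
int check_at_least(enum sec_level msg, const struct usm_user_model *u)
{
    return msg <= user_max_level(u) ? 0 : -1;
}

/* Reading B ("exact"): accept only when the message level equals the
 * user's level. Returns 0 to continue, -1 to reject. */
int check_exact(enum sec_level msg, const struct usm_user_model *u)
{
    return msg == user_max_level(u) ? 0 : -1;
}

int main(void)
{
    static const char *names[] = { "", "noAuthNoPriv", "authNoPriv", "authPriv" };
    const struct usm_user_model *users[] = { &SAMPLE_AUTHPRIV, &SAMPLE_AUTHONLY };
    for (int i = 0; i < 2; i++)
        for (int l = NOAUTH_NOPRIV; l <= AUTH_PRIV; l++)
            printf("%-14s msg=%-12s at_least=%-6s exact=%s\n", users[i]->name, names[l],
                   check_at_least((enum sec_level)l, users[i]) == 0 ? "accept" : "reject",
                   check_exact((enum sec_level)l, users[i]) == 0 ? "accept" : "reject");
    return 0;
}
```

Under the "at least" reading this step does not by itself enforce a minimum level for a user; in SNMPv3 a minimum is expressed in the access control entry (vacmAccessSecurityLevel, RFC 3415).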