2009/2/25 Sergio Cabaço <[email protected]>:
> There is no specification in the RFC that says that initial
> master user can't change its own password in the first boot?
Correct.
The RFC specification doesn't say *anything* about "first boot".
Once a user has been created (which is where the cloneFrom stuff
comes into play), from then on it should then be possible to change
the security Keys.
Whether the agent is stopped and restarted should have no
effect whatsoever.
That's according to the specs.
The fact that our agent works differently is a bug. (IMO).
> The passw can be change on all boots, except in the one when createUser is
> converted to
> usmUser in the persistent snmpd.conf. I think this happens because it needs
> to insert the
> new created user in the "user's table" and only then the passwords can be
> changed.
> This only occurs when the agent goes down and gets up.
Not true.
Try the following:
- shut the agent down
- remove all 'usmUser' settings from /var/net-snmp/snmpd.conf
- insert a 'createUser' setting into /var/net-snmp/snmpd.conf
$ snmpwalk ..... usmUserTable > /tmp/usm1
- shut down and restart the agent
$ snmpwalk ..... usmUserTable > /tmp/usm2
$ diff /tmp/usm1 /tmp/usm2
You should find that the contents of the two usmUserTables are identical
(which is what we would expect). The 'createUser' entry *is* present in the
user table right from the start.
The differences lie in the fine detail of the internal data structures,
used by the Net-SNMP agent to represent this table, and the code used
to validate these data structures.
> I cannot comment out the if(uptr->cloneFrom) because it creates an exception
> to the RFC.
The test shouldn't be removed completely, because this validation *is*
required for proper
creation of new users. The problem (IMO) is that the code is being
applied too broadly.
The check is needed if a new row is being created, ===> and not otherwise <===.
That's my understanding, anyway. Wes may see things differently.
(It wouldn't be the first time!)
Dave
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
