On 27 July 2011 01:07, Harvey Shepherd <[email protected]> wrote:
> Are there any compile-time configuration options to enforce the use of user
> privacy and authentication when creating users? I know that MD5
> authentication and DES privacy can be disabled, but was wondering if there
> was something similar to disable “no authentication” and “no privacy”.
Not at compile-time, no, IFAIK.
This would normally be handled as part of the access control configuration.
If you want to insist on encrypted traffic, then this would typically
be specified using
rouser USER priv
or similar
> If not, then I assume it would be fairly easy to implement by adding defines
> similar to DISABLE_MD5 and DISABLE_DES, though I guess I’d have to be
> careful not to compile out inappropriate code which send out
> unencrypted/authenticated error reports etc.
If you want to hardcode this restriction within the binaries themselves,
I'd be inclined to enforce this at a slightly different level, concentrating
on the creation of users (to reject a 'createUser' line that didn't specify
an encryption protocol), the VACM handling within the agent (to reject
anything less than authPriv) and the client command-line parsing
(to insist on authPriv requests).
That's probably simpler/safer than fiddling with the low-level internals
of the library.
Dave
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos & much more. Register early & save!
http://p.sf.net/sfu/rim-blackberry-1
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
