On Thu, 16 Jun 2005 11:17:43 +0100 Dave wrote:
DS> On Wed, 2005-06-15 at 23:48, Robert Story wrote:
DS> > Every time this question comes up, I tell myself I should go
DS> > check the v3 specs to see if this is an actual requirement
DS> > in the spec, or a quirk of our implementation........I'm
DS> > sure Mr. Perkins or Mr. Hardaker can speak to the issue..
DS> 
DS> Humph!!
DS> Are you implying you don't regard me as qualified to comment?!?

Heh. Not at all. It's just that I'm expecting them to scream loudly in
opposition.

DS> This doesn't allow the possibility of applying different access settings
DS> to the same securityName, based on transport differences. So the VACM
DS> model can't handle source-dependent access control without stepping
DS> outside the SNMPv3 framework.
DS> [...]
DS> So we're probably looking at the USM userName to SNMPv3 securityName
DS> mapping.  RFC 3414 doesn't insist on this being an identity mapping,
DS> so a given username ("dave") could validly map into a different
DS> security name ("ShieldDT").  But it *does* specify that this mapping
DS> should be one-to-one (section 2.1).   This implies having one userName
DS> associated with two (or more) securityNames isn't strictly valid.

Ok, I can see that allowing different access for the same user based on
transport is out. But I don't see how it would preclude having a user
only be valid for a certain transport. e.g. user 'john', when coming from
a source within 10.0.0.0/8, maps to security name 'doe'. Any other source,
and it doesn't map to a security name, and thus would be rejected. Does that
seem reasonable?

-- 
NOTE: messages sent directly to me, instead of the lists, will be deleted
      unless they are requests for paid consulting services.

Robert Story; NET-SNMP Junkie
Support: <http://www.net-snmp.org/> <irc://irc.freenode.net/#net-snmp>  
Archive: <http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-users>

You are lost in a twisty maze of little standards, all different. 
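
The source-restricted mapping proposed in the message above, modelled as an added example; it is not net-snmp code and not part of the original message. The table layout, the function names and the network given for 'dave' are assumptions made for illustration.

```python
import ipaddress

# Constructed table: USM userName -> (securityName, allowed source network).
# Illustrative values only; this is not net-snmp configuration syntax.
USER_MAP = {
    "john": ("doe", ipaddress.ip_network("10.0.0.0/8")),
    "dave": ("ShieldDT", ipaddress.ip_network("0.0.0.0/0")),  # assumed: any IPv4 source
}


def check_one_to_one(user_map):
    """Reject tables where two userNames share one securityName.

    Each userName already has a single securityName because it is a dict key,
    so only the reverse direction needs checking for a one-to-one mapping.
    """
    owner = {}
    for user, (sec_name, _net) in user_map.items():
        if sec_name in owner:
            raise ValueError(
                f"securityName {sec_name!r} mapped from both "
                f"{owner[sec_name]!r} and {user!r}"
            )
        owner[sec_name] = user


def security_name_for(user_name, source_ip, user_map=USER_MAP):
    """Return the securityName, or None when the request must be rejected.

    None covers both an unknown userName and a known userName arriving from
    a source outside its allowed network. No alternate securityName is ever
    returned, so the same user cannot get different access by transport.
    """
    entry = user_map.get(user_name)
    if entry is None:
        return None
    sec_name, net = entry
    addr = ipaddress.ip_address(source_ip)
    if addr.version != net.version or addr not in net:
        return None
    return sec_name


if __name__ == "__main__":
    check_one_to_one(USER_MAP)
    for user, src in [("john", "10.1.2.3"), ("john", "192.0.2.7")]:
        print(user, src, "->", security_name_for(user, src))
```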

