On Tue, 2006-01-24 at 06:01 +1000, Nigel Cunningham wrote: > But I want it to be authorised by the final destination; I just want > the trapd that's forwarding the trap to do so without requiring the > authentication details to be configured on it as well.
Then you probably need to step in at a much earlier stage - before the SNMP request packet is even parsed. I'm not an SNMPv3 expert, but I'm not convinced that simply skipping the USM checks is safe (or will even work). The authentication of the request is done at a very low level, and is basically a digital checksum. If this checksum doesn't match, then the packet is regarded as corrupt, and will be discarded. It's not simply a case of checking a username and password. And if you want the final destination to authenticate the request, then the trap-forwarder must also forward any engine probe requests (and return the responses to the original trap generator). The trap-forwarder needs to act as a switch rather than a router :-) SNMPv3 notifications are Not Simple. But feel free to have a go. Dave ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
