|
Hi, Any one has tried the workaround for key change using snmpusm
for the users configured through createUser in persistent snmpd.conf? I have tried the workaround for bug #1447571 but I am not getting
correct behavior. The following is the procedure I have done. I have created 3 users user1, user2, and user3. I have followed the
workaround mentioned to the bug. Workaround 1:
Change the code usmUser.c and compiled the agent (snmpd) In write_usmUserAuthKeyChange(): commented NULL checking portion for
cloneFrom /*if (uptr->cloneFrom == NULL) {
return SNMP_ERR_INCONSISTENTNAME; }*/ Workaround 2: For usmUser entry in snmpd.conf (persistent), the cloneFrom value is
changed to 1 (change is NULL->1) for all the 3 users configured. Restarted the snmpd then I found some other wrong behavior while using
snmpusm. ($kill –s SIGHUP <snmpd-PID>) In either with method 1 (or) method 2, I see the problem in change of
keys. For user1: The change of keys appears to be happening with out any error at
snmpusm command, but the query fails with new changed keys. $snmpget -v3 -u admin -a SHA -A
2689b49a7ce05a26a86aa66003fa0e84a040c462 -x AES -X
7ce05a26a86aa66003fa0e84a040c462 -l authPriv localhost sysUpTime.0 DISMAN-_expression_-MIB::sysUpTimeInstance = Timeticks: (6771659)
18:48:36.59 $snmpusm
-v3 -u admin -a SHA -A 2689b49a7ce05a26a86aa66003fa0e84a040c462 -x AES -X
7ce05a26a86aa66003fa0e84a040c462 -l authPriv localhost changekey admin new auth key: 0xacfb116929a55ef429633c474870c55da0f04768 new priv key: 0x564342beb13ae92939821e2332b14f4a $snmpget -v3 -u admin -a SHA -A
acfb116929a55ef429633c474870c55da0f04768 -x AES -X
564342beb13ae92939821e2332b14f4a -l authPriv localhost sysUpTime.0 snmpget: Authentication failure (incorrect password, community or key)
(Sub-id not found: (top) -> sysUpTime) For user2: $snmpusm
-v3 -u operator -a SHA -A ba6d5bd1ff43420e8f05fd6c663a90eaa110e600 -x AES -X
ff43420e8f05fd6c663a90eaa110e600 -l authPriv localhost changekey operator new auth key: 0x424a268c782137becddf3aa92347088b0f0137cf new priv key: 0x75d507af377ca685b54a91632a71cc90 Error in packet. Reason: notWritable (That object does not
support modification) For user3: $snmpusm
-v3 -u guest -a SHA -A 974b2a15a0be89b48e65cb616c5d2505584d6e35 -x AES -X
a0be89b48e65cb616c5d2505584d6e35 -l authPriv localhost changekey guest snmpusm: Can't get diffie-helman exchange from the
agent (maybe it doesn't support the
SNMP-USM-DH-OBJECTS-MIB MIB) I appreciate for any suggestion. Is there any thing wrong I have followed
for this procedure? Interestingly for users (1-3), I was getting different errors for snmpusm
with out any changes in snmpd/MIBS. Thanks, Mahesh -----Original Message----- [EMAIL PROTECTED] wrote: > I created V3 users using createUser directive and placed in
snmpd.conf > (/var/net-snmp – which is in encrypted format). The users
are not > created through snmpusm utility. > > The following mail says that it is not possible to change the keys
> configured through the config file. Is it valid for *snmp.conf* > configuration file only? Is it valid for snmpd.conf file which is > encrypted by snmpd? See bug #1447571 ("usmuser.c checks needs clonefrom to change
passwords"): http://sourceforge.net/tracker/index.php?func=detail&aid=1447571&group_id=12694&atid=112694 for details and a workaround. +Thomas -- Thomas Anders (thomas.anders at blue-cable.de) _______________________________________________ Net-snmp-users mailing list Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users |
_______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
