Hmm... Yes I forgot about the -A -X options and that, along with the -e, allows me to configure the remote security name and parameters but now other issues are more observant.
1. The initial concern about a security name collision in the snmpd usm table is real. This means I need different security names for the local snmpd and the remote trapd. I imagine the only solution to this would require that an additional target usm table would need to be somehow added into the snmpd code. Opinions? 2. I observed that when configuring trapsess with -A and -X that the configuration does not persist. There is no persistence for the target address or for the security parameters associated with the target address. 3. If I use createUser and specify the engineID along with other parameters associated with the remote trapd, the local snmpd seems to want to use its engineID to look up the security name and this fails because the security name has the remote engineID. Jeff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Shield Sent: Monday, May 07, 2007 10:15 AM To: Miller, Jeff (eng) Cc: [email protected] Subject: Re: Looking for clarification regarding users for v3 traps On 07/05/07, Miller, Jeff (eng) <[EMAIL PROTECTED]> wrote: > In particular, is there a security name collision between the local > snmpd and the remote snmptrapd? Probably, yes. Have you seen the tutorial page " TRAPs vs INFORMs for SNMPv3" (http://net-snmp.sourceforge.net/wiki/index.php/TUT:snmptrap_SNMPv3) ? This explains something of the issues relating to SNMPv3 engineID's as they relate to notifications (traps and informs). > I have now established the security name "jeff" for informs but I see > no means to associate authentication and security passwords with the > security name "jeff" unless I also do a createUser for "jeff" in the > snmpd.conf file on the local host as well as in the snmptrapd.conf file on the remote host. The "trapsess" directive can accept the -A and -X flags, to specify the appropriate passwords. (Though obviously there are security considerations to doing this!) Dave ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
