OK.  One final scenario for clarification.

My understanding is that:
- Changing the snmpd engineID will make the previous
  localized engineID for a given security name incorrect
  and render those users in the USM table unusable.
- The engineID in the USM table is not accessible so it
  is not possible to reference and change it externally.
- The keys for a user in the USM table are one-way
  encoded so it is not possible to determine the clear
  text that was originally used to add the user to the
  usm table.

Given that the above is correct, then a requirement for
changing the snmpd engineID is that after changing it
you must restore the USM table using a process similar
to how you created the users originally, and in particular,
you will need to know the "in the clear" keys.

Is that correct?

BTW: I do not see this as a net-snmp deficiency but more
of an overall fallout of how the USM, VACM, TARGET and
SNMP framework are loosely coupled.

Jeff 
 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dave Shield
Sent: Tuesday, May 08, 2007 2:37 PM
To: Miller, Jeff (eng)
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: USM engineID and the snmpd engineID?

On 08/05/07, Miller, Jeff (eng) <[EMAIL PROTECTED]> wrote:
> .... is it necessary to regenerate the usmUsers if I change the 
> engineID so that the engineID is again localized?

Yes.  I believe that this is correct.

Dave
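
Added example (not part of the original thread and not net-snmp's own code): the RFC 3414 password-to-key and key-localization steps in Python, showing why a key localized to one engineID does not match under another and why rebuilding it needs the original passphrase. The passphrase and old engineID are the RFC 3414 Appendix A.3 sample values; the new engineID and the helper names are constructed for illustration.

```python
import hashlib
import hmac

def master_key(passphrase: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2 password-to-key: hash 1 MiB of the repeated passphrase (Ku)."""
    if not passphrase:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1024 * 1024, len(passphrase))
    return hashlib.new(algo, passphrase * reps + passphrase[:rem]).digest()

def localized_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Kul = H(Ku || engineID || Ku): the per-engine key a USM entry holds."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

# Sample values from RFC 3414 Appendix A.3.
PASSPHRASE = b"maplesyrup"
OLD_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed value standing in for the engineID after the change.
NEW_ENGINE_ID = bytes.fromhex("80001f8880aabbccdd")

def engine_id_change(passphrase: bytes, old_id: bytes, new_id: bytes) -> dict:
    """Compare the key stored for the old engineID with the one the new engineID needs."""
    ku = master_key(passphrase)            # requires the clear-text passphrase
    stored = localized_key(ku, old_id)     # what the USM table already has
    needed = localized_key(ku, new_id)     # what the agent expects after the change
    return {
        "stored": stored,
        "needed": needed,
        # The hash is one-way, so 'needed' cannot be computed from 'stored';
        # it can only be rebuilt from Ku, i.e. from the passphrase.
        "still_valid": hmac.compare_digest(stored, needed),
    }

if __name__ == "__main__":
    result = engine_id_change(PASSPHRASE, OLD_ENGINE_ID, NEW_ENGINE_ID)
    print("stored Kul (old engineID):", result["stored"].hex())
    print("needed Kul (new engineID):", result["needed"].hex())
    print("old key still valid:", result["still_valid"])
```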
