On 30/01/2008, Mike Ayers <[EMAIL PROTECTED]> wrote:
> This much I can tell you - communities were never intended as an
> authentication mechanism. They are, and always were intended to be,
> more like SNMPv3's context than anything else,

I sort of agree - at least in part.

The main difference is that SNMPv3 contexts are conceptually part of the SNMP agent only - from RFC 3411, section 3.3.1:

   " ... a context is always defined as a subset of a single SNMP entity"

(OK - the SNMPv3 specs talk in terms of "entities" rather than "agents" or "clients", but the essence is much the same).

In contrast, the SNMPv1 idea of a community is explicitly applied to the *combination* of agent and client apps. RFC 1157, section 3.2.5:

   "A pairing of an SNMP agent with some arbitrary set of SNMP application entities is called an SNMP community."

So yes - an SNMP community includes the later concept of the SNMPv3 context. But it also has elements of authentication - or more strictly, of access control.

SNMPv1 comes from an older, more trusting era - when ideas about security were less well codified. You could leave your door unlocked at night, children could play in the street without fears of them being abducted or run over, and we didn't view other users of the Internet with the same suspicion and mistrust that we do now.

Ah, those were the days.....

> yet that [contexts] seems to be the only thing they don't get used for.

I would draw the honourable gentleman's attention to the full syntax of the snmpd.conf directive "com2sec" :-)

Dave

_______________________________________________
Net-snmp-users mailing list
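The "com2sec" directive referred to in the message has the form `com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY` in Net-SNMP's snmpd.conf, so one line ties a community both to a source restriction (the access-control side) and, optionally, to a context. The following is an added example, not part of the original post or of Net-SNMP: a small auditor that parses those lines and flags communities accepted from any source or set to a conventional default. The sample configuration, the function names and the list of "well-known" strings are assumptions made for illustration.

```python
import shlex

# Constructed sample snmpd.conf content (not taken from the original post).
SAMPLE_CONF = """\
# access mappings
com2sec readonly default public
com2sec -Cn ctx_lab labuser 192.0.2.0/24 s3cr3t-lab
com2sec6 v6user default private
rocommunity other
"""

# Assumption: community strings treated as guessable defaults in this audit.
WELL_KNOWN = {"public", "private"}


def parse_com2sec(text):
    """Parse com2sec/com2sec6 lines: [-Cn CONTEXT] SECNAME SOURCE COMMUNITY."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if not tokens or tokens[0] not in ("com2sec", "com2sec6"):
            continue
        args = tokens[1:]
        context = ""  # empty string stands for the default context
        if len(args) >= 2 and args[0] == "-Cn":
            context, args = args[1], args[2:]
        if len(args) != 3:
            raise ValueError(f"line {lineno}: expected SECNAME SOURCE COMMUNITY")
        secname, source, community = args
        entries.append({"line": lineno, "context": context, "secname": secname,
                        "source": source, "community": community})
    return entries


def audit(entries):
    """Return (line, finding) pairs for weak community-to-secname mappings."""
    findings = []
    for e in entries:
        if e["source"] == "default":
            findings.append((e["line"], "community accepted from any source address"))
        if e["community"].lower() in WELL_KNOWN:
            findings.append((e["line"], "well-known community string"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(parse_com2sec(SAMPLE_CONF)):
        print(f"line {line}: {finding}")
```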
