>>>>> On Tue, 16 Dec 2008 17:20:37 -0800 (PST), Steve Miller >>>>> <[email protected]> said:
SM> I am using trapsess in the snmpd.conf to send out snmp v3 traps. SM> The traps are being sent out without problem. However, the trapsess SM> line in the snmpd.conf contains clear text for the trap receiver's SM> authentication and privacy passwords i.e. from the -A and -X SM> options. Wonder if there is way to avoid exposing the passwords SM> like that? Thanks for the help You can also set them up via the TARGET-MIB and NOTIFICATION-MIB which means the information will be put in /var/net-snmp/snmpd.conf instead during shutdown (and saving of persistent storage). However, it won't really buy you security. Then they'll be stored as a hexidecimal string for the key (which you can also specify via the trapsess line too, for that matter... see the snmpcmd manual page for directly specifying keys). snmpd needs access to the raw key material so even if you gave it a hexidecimal key instead of a password it'll still be just as dangerous... You have to store the keying material itself which is the problem. We don't support a "start-up" unlocking password at this time, and it's questionable if most people would want that... -- Wes Hardaker Sparta, Inc. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
