Re: v3 traps and plain text password

[Prakash Masanagi]

Traps are sent using engine id of the trap sender. So I am not sure if your
suggestion will work.

In my setup, 10.4.120.145 is trap sender and 10.4.120.141 is trap receiver.
I have configured the trap receiver with
createUser -e 0x80001f8801ac1f0091 netadmin MD5 "netadminpassword" DES
where 0x80001f8801ac1f0091 is engine id of the trap sender.

I see that trap receiver (10.4.120.141) is receiving trap with no issue,
when I run the following command at trap sender
snmptrap -e 0x80001f8801ac1f0091 -v3 -u netadmin -a MD5 -A netadminpassword
-l authNoPriv 10.4.120.141  42 coldStart.0

But I want to configure snmpd process on trap sender machine (10.4.120.145)
to send the traps.
To do this, if I add the following line to /etc/snmp/snmpd.conf , then it
works great
      trapsess -v3 -u netadmin -l authNoPriv -a MD5 -A netadminpassword
10.4.120.141

But I do not want to keep this line in /etc/snmp/snmpd.conf always because
it has plain text passwords.
What is the good to solve this.
Basically, I want to tell snmpd to send the trap to a particular machine
with a particular snmpv3 user without keeping the user's auth and priv
password in plain text in any config file.

Thanks

On Thu, Mar 3, 2011 at 12:33 AM, Dave Shield <d.t.shi...@liverpool.ac.uk>wrote:

> On 3 March 2011 01:49, Prakash Masanagi <prakashmn2...@gmail.com> wrote:
> > If I add the following line in snmpd.conf, then snmpd sends v3 trap with
> > that username properly.
> >     trapsess -v3 -u netadmin -l authNoPriv -a MD5 -A netadminpassword
> 10.4.120.141
>
> > But I do not want to expose the password in plain text like this in the
> > config file.
> > Is there any other way of configuring without exposing the passwords like
> this.
>
> Determine the engineID of the destination system (10.4.120.141),
> then add a line
>
>    createUser -e 0x010203040506 netAdmin MD5 netadminpassword DES
>
> to the persistent snmpd.conf file
>   (where 0x010203040506 is replaced by the appropriate engineID).
> When you restart the agent, this will be replaced by an equivalent usmUser
> line,
> with a localized authentication key.
>
> Dave
>

------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users