On Fri, Aug 24, 2012 at 12:15 PM, Baron Roberts <brobe...@mobileiron.com> wrote: > Thanks for the help Bill! I assume that I can also use master keys in > place of the localized keys. Also can I drop the engine ID? For example, > is this valid: > > trapsess -v 3 -u bob -l authPriv -a MD5 -3m > 526f5eed9fcce26f8964c2930787d82b -x DES -3M > 526f5eed9fcce26f8964c2930787d82b 1.2.3.4:162
It should be valid, yes. I've never tried it. If that set of options works for the command-line utilities against a similarly-configured snmpd, then it should work on a trapsess configuration. Bill > On 8/24/12 4:58 AM, "Bill Fenner" <fen...@gmail.com> wrote: > >>On Fri, Aug 24, 2012 at 1:34 AM, Baron Roberts <brobe...@mobileiron.com> >>wrote: >>> Hi folks, >>> >>> I cannot find a definitive answer so perhaps someone on this list can >>>help. >>> I am configuring a v3 trap entry in /etc/snmp/snmpd.conf using >>>trapsess. I >>> see numerous examples where the authentication and privacy passwords are >>> specified in clear text. This does not seem very secure so I was >>>wondering >>> if there is a mechanism for hashing the credentials? I found one posting >>> that suggested using the createUser directive but the author indicated >>>he >>> had never tried it to confirm that it is a viable approach. Any >>> clarification would be appreciated. >> >>You can specify the engine-ID, and the localized auth and priv parameters: >> >>trapsess -v 3 -u bob -l authPriv -e 000000000000000000000002 -a MD5 >>-3k 526f5eed9fcce26f8964c2930787d82b -x DES -3K >>526f5eed9fcce26f8964c2930787d82b 1.2.3.4:162 >> >>I think the talk about using createUser is that once snmpd has >>localized the user for you, you can copy the localized keys to the >>trapsess line. All you need is the remote engineID and the user's >>localized keys for that engineID. >> >> Bill > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
