Hello,

After digging through all the relevant documentation I can find on Net-SNMP 
proxy support (and searching through this mail archive), I'm hoping someone 
can help direct me to the best resources for my situation.


Basically, I'm updating an existing system that uses a different SNMP stack 
(Aricent ISS) to support FIPS compliance.  I'd like to take advantage of 
Net-SNMP so I can leverage OpenSSL's FIPS object module.  Anyway, my thought 
was to use Net-SNMP as a proxy on the front end, handling the non-VACM 
security-related processes of the USM (authentication and privacy).


I'm hoping to keep the existing SNMP agent more or less unchanged, except that 
it would be listening on the loopback adapter on a non-standard port, handling 
requests forwarded by the Net-SNMP proxy.


My confusion stems mostly from how VACM plays into this configuration.  From a 
review of the code, it looks like the proxy has no current mechanism to forward 
along the security-related parameters necessary for the subagent to properly 
process VACM-based authorization, but maybe I misunderstood something.


I was getting ready to begin making custom modifications to see if I could add 
the functionality to copy at least the user name into the forwarded PDUs, but 
I'm concerned I may be going about this the wrong way.  I'm guessing that the 
proxy implementation isn't designed for this use case, but is it possible to 
adapt it without too much effort?  FWIW, I'm looking at Net-SNMP version 5.7.3 
for Linux.


Best regards,

-Rob Boyer