Thanks for your time, Wes. The establishment of multiple proxies is an
interesting approach. In the meantime, I've made some minor changes to the
proxy implementation to support a mode in which the security name is copied
over from the incoming PDU to the session, and the security level is set to
noAuthNoPriv. This seems to meet my requirements and there is some precedent
for this kind of logic (the community string from incoming SNMPv1/2c PDUs can
be copied over to the session similarly). Unless I run into any problems with
this solution, I'll probably just use it going forward.
Best regards,
-Rob
>
> On August 9, 2017 at 5:53 PM Wes Hardaker <w...@net-snmp-pro.com> wrote:
>
> ROBERT BOYER <rboyer...@comcast.net> writes:
>
> > >
> > My confusion stems mostly from how VACM plays into this
> > configuration.
> > From a review of the code, it looks like the proxy has no current
> > mechanism to forward along the security related parameters necessary
> > for the subagent to properly process VACM-based authorization, but
> > maybe I misunderstood something.
> >
> > >
> Correct, there is no way to pass credentials. The proxy really takes
> over *after* the existing agent's VACM has let the packets through to
> the proxy processing engine. Then it uses the configured credentials to
> access the agent beyond it (the one being proxied). There is no ability
> to pass credentials straight through, though you can configure multiple
> proxies yourself in a 1:1 mapping using different snmpv3 context names I
> think.
>
> --
> Wes Hardaker
> USC/ISI
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
