Hi all and Mike,

I wrote a patch to SNMPAgent to restrict the access to the Radius
SNMP vars, especially to disallow unauthorized resets.

You can now spend two separate communities for read-only
and read-write and you can define a Managers list for allowed hosts.

I would appreciate if the community decides this stuff
useful. Please raise your hands if yes so Mike gets perhaps convinced
to add this to one of the next patches/releases.

I wrote this backward compatible to old config files with
Community defined. If you don't define a managers list all hosts
have access. The following parameters are new to the SNMPAgent clause:

---------------------------------------------------------------------
6.13.3 Community
deprecated but allowed for backward compatibility

6.13.5 ROCommunity

SNMP V1 provides a weak method of authenticating SNMP requests, using
the "community name". This optional parameter allows you to specify
the SNMP V1 community name that will be honored by SNMPAgent for
read-only access. Defaults to nothing, you have to define one by yourself.
We strongly recommend that you choose a community name and keep it
secret.

# Use a secret community.
ROCommunity mysnmprosecret

6.13.6 RWCommunity

This optional parameter allows you to specify the SNMP V1 community name
that will be honored by SNMPAgent for read-write access. Knowing this
secret you are able to reset Radiator via SNMP. Defaults to nothing.
If you don't need resetting via SNMP use only ROCommunity.

# only necessary for resetting via SNMP
RWCommunity extremelysecure

6.13.7 Managers

This optional parameter specifies a list of SNMP managers that have 
access to SNMPAgent. The value is a list of host names or addresses,
separated by white space or comma. You can have any number of Managers
lines. Defaults to nothing with all hosts allowed.

# allowed SNMP managers
Managers        foo.bar.edu 192.168.1.11, noc.rz.uni-ulm.de
Managers        baz.bar.com,10.1.1.254

----------------------------------------------------------------------------



TODO:
Documentation should be rewritten by a native speaker :-(


Have fun with it.

Regards
        Charly Gaissmaier

SNMPAgent.pm.gz
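
The access rules described in this message, modelled as an added example (this is not the code in the attached SNMPAgent.pm, and it is written in Python for illustration only). Assumptions: the legacy Community keeps read-write access, and the `resolve` callback for manager host names is hypothetical.

```python
import hmac
import re

READ, WRITE = "read", "write"

# Constructed sample, using the values from the parameter descriptions above.
SAMPLE_CFG = {
    "ROCommunity": "mysnmprosecret",
    "RWCommunity": "extremelysecure",
    "Managers": ["foo.bar.edu 192.168.1.11, noc.rz.uni-ulm.de",
                 "baz.bar.com,10.1.1.254"],
}

def parse_managers(lines):
    """Split every Managers line on white space or commas into one host set."""
    hosts = set()
    for line in lines:
        hosts.update(h for h in re.split(r"[\s,]+", line.strip()) if h)
    return hosts

def _matches(secret, offered):
    # An undefined community ("Defaults to nothing") never matches, even if
    # the request carries an empty community. Comparison is constant-time.
    return bool(secret) and hmac.compare_digest(secret.encode(), offered.encode())

def authorize(cfg, source, community, op, resolve=lambda name: set()):
    """Decide whether `source` may perform `op` (READ or WRITE).

    `resolve` is a hypothetical callback mapping a manager host name to a set
    of addresses; by default names are only compared literally.
    """
    managers = parse_managers(cfg.get("Managers", []))
    if managers:  # no Managers lines at all means every host is allowed
        allowed = set(managers)
        for name in managers:
            allowed |= resolve(name)
        if source not in allowed:
            return False
    if _matches(cfg.get("RWCommunity"), community):
        return True  # read-write community: reads and resets
    if _matches(cfg.get("Community"), community):
        return True  # ASSUMPTION: legacy Community keeps full access
    if _matches(cfg.get("ROCommunity"), community):
        return op == READ  # read-only community can never reset
    return False
```

SNMP V1 carries the community in clear text over UDP, so the Managers check narrows who can reach the agent but is no substitute for keeping the agent port reachable only from the management network.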
