Re: how to best pass a usmUser to snmptrapd?
Actually, better yet we could make use of the fact that snmptrapd is a sub-agent already to the master agent. We could then simply register another usmUser table under a different SNMPv3 context (say snmptrapd) and thus you could configure snmptrapd's users by talking directly to the master agent. Slick! I'd install that into 5.2 hands down. Yup - that sounds good. You might even get beaten to installing it But it'd require more code, since the current usmUser code is written in the old API and doesn't handle contexts. Doesn't it? Couldn't we use register_mib_context rather than the macro REGISTER_MIB ? It probably hasn't had much practical testing, but it *ought* to work. (I would also draw the honourable member's attention to the FAQ entry: How can I register a MIB module in a different (SNMPv3) context? ) Which also raises a question about the notification log MIB. Would that perhaps be better registered under the same context? (thus freeing the default context version for a log of notifications sent by the agent) Dave --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Net-snmp-users mailing list [EMAIL PROTECTED] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: how to best pass a usmUser to snmptrapd?
On Fri, 30 Jul 2004 09:31:07 +0100, Dave Shield [EMAIL PROTECTED] said: Dave Couldn't we use register_mib_context rather than the macro Dave REGISTER_MIB ? It probably hasn't had much practical testing, Dave but it *ought* to work. Don't know. I haven't looked at it enough... Dave Which also raises a question about the notification log MIB. Dave Would that perhaps be better registered under the same context? Agreed. -- Wes Hardaker Sparta --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Net-snmp-users mailing list [EMAIL PROTECTED] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: how to best pass a usmUser to snmptrapd?
On Fri, 30 Jul 2004 07:17:44 -0700, Wes Hardaker [EMAIL PROTECTED] said: Dave Couldn't we use register_mib_context rather than the macro Dave REGISTER_MIB ? It probably hasn't had much practical testing, Dave but it *ought* to work. Wes Don't know. I haven't looked at it enough... Well, I looked at it. A lot. In short, I did it. The notification log tables are now registered under the snmptrapd context, as is the snmptrapd usmUser table. Thomas, given the current main line cvs code you should be able to manage smnpv3 users under the snmptrapd application by default now. I thought it was going to be a quick task, and thus explaining how to do it would take longer than doing it so I started in on it. However, in the process I found that I'm not sure agentx has ever supported contexts properly so I had to fix that first. Additionally, I think I solved another issue with contexts that was previously causing incorrect errors to be returned for !default contexts. There is one bug left to fix, which is that the first thing registered under a new context is missing. -- Wes Hardaker Sparta --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Net-snmp-users mailing list [EMAIL PROTECTED] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: how to best pass a usmUser to snmptrapd?
Wes Hardaker wrote: Thomas I'm (re-)designing an application that processes SNMPv3 Thomas INFORMS from tens of thousands of devices, each of them Thomas associated with a unique usmUser. The credentials get Thomas negotiated (by other means) just before sending the INFORM. Ohh... so many ways to implement this... sigh. The simplest might be actually appending the new user info to a new file, and registering a new signal and then sending that signal and having snmptrapd call a read_config routine to read *just that file* (IE, much less than a full -HUP signal). I had a similar idea in mind, but rather using a named pipe. Will any of the config reading routines have problems reading from named pipes? Thomas A snmpUsmMib implementation (like in snmpd) looks overkill for Thomas snmptrapd. A designated admin interface or different backends Thomas don't yet exist. Shall I (really?) use SNMPv3 INFORMs Thomas themselves to do the job? Well, actually, you're doing user management right? And SNMP provides a way to do that right? You seem to be trying to avoid something that already is known to work and the code is already written for. It'd be trivial to make snmptrapd start the usm code and act as a full agent (on yet another port) so you could do user management through it. If you'd be willing to offer some code fragments (trivial, you said), I may well go the snmpUsmMib route. It'd also offer the advantage to be able to pass usmUsers remotely. Which one of the two approaches would be more likely to get included in stock 5.2 snmptrapd (possibly turned on by a new configure directive, off by default)? Or none? Or both? +Thomas -- Thomas Anders (thomas.anders at blue-cable.de) --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click ___ Net-snmp-users mailing list [EMAIL PROTECTED] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: how to best pass a usmUser to snmptrapd?
On Thu, 29 Jul 2004 13:48:45 +0200, Thomas Anders [EMAIL PROTECTED] said: Thomas I had a similar idea in mind, but rather using a named pipe. Will any Thomas of the config reading routines have problems reading from Thomas named pipes? That would work too. Read in the line, and then call read_config(line...) on it and it should work (he says without testing). Thomas If you'd be willing to offer some code fragments (trivial, you Thomas said), I may well go the snmpUsmMib route. It'd also offer the Thomas advantage to be able to pass usmUsers remotely. you'd basically have to instrument the snmptrapd application with the same init routines that the agent uses (but attached to a new port), and make sure you call init_usmUser and init_vacm_vars in the process and you'd be good to go. Following the tutorial on building agent code could walk you through it. Thomas Which one of the two approaches would be more likely to get Thomas included in stock 5.2 snmptrapd (possibly turned on by a new Thomas configure directive, off by default)? Or none? Or both? We'd consider both. I think the real agent possibility is probably the right way to go. Actually, better yet we could make use of the fact that snmptrapd is a sub-agent already to the master agent. We could then simply register another usmUser table under a different SNMPv3 context (say snmptrapd) and thus you could configure snmptrapd's users by talking directly to the master agent. Slick! I'd install that into 5.2 hands down. But it'd require more code, since the current usmUser code is written in the old API and doesn't handle contexts. -- Wes Hardaker Sparta --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Net-snmp-users mailing list [EMAIL PROTECTED] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users