Hello,

In order to remotely change the authentication password of a user I do the 
following steps:


1.       Get the usmUsrSpinLock.0 and save in sValue

2.       I obtain the old key of the user whose password I want to change as 
follows:
byte[] oldKey = snmp.getUSM().getUser(engineId, new 
OctetString(user)).getUsmUser().getAuthenticationPassphrase();

3.       Then I generate the new key as follows:

byte[] newKey = SecurityProtocols.getInstance().passwordToKey(AuthMD5.ID, new 
OctetString(newPassword), engineId.toByteArray());

4.       Then I generate the key change value as follows:

byte[] keyChange = new AuthMD5().changeDelta(oldKey, newKey, random.getBytes());

5.       And finally I do a SET to the usmUserTable:

SET(usmUserSpinLock.0=sValue, usmUserAuthKeyChange=keyChange, 
usmUserPublic=random)

When I read the usmUserTable MIB table after the SET I can see the random value 
in the usmUserPublic column, however when I do a request using the new password 
the agent responds that the password is not correct.

Am I missing something in the password change procedure? I have tried to follow 
the procedure described in RFC 3414 (KeyChange).

Best regards,
Roger Vilagut Abad

________________________________
Este correo electr?nico y, en su caso, cualquier fichero anexo al mismo, 
contiene informaci?n de car?cter confidencial exclusivamente dirigida a su 
destinatario o destinatarios. Si no es vd. el destinatario indicado, queda 
notificado que la lectura, utilizaci?n, divulgaci?n y/o copia sin autorizaci?n 
est? prohibida en virtud de la legislaci?n vigente. En el caso de haber 
recibido este correo electr?nico por error, se ruega notificar inmediatamente 
esta circunstancia mediante reenv?o a la direcci?n electr?nica del remitente.
Evite imprimir este mensaje si no es estrictamente necesario.

This email and any file attached to it (when applicable) contain(s) 
confidential information that is exclusively addressed to its recipient(s). If 
you are not the indicated recipient, you are informed that reading, using, 
disseminating and/or copying it without authorisation is forbidden in 
accordance with the legislation in effect. If you have received this email by 
mistake, please immediately notify the sender of the situation by resending it 
to their email address.
Avoid printing this message if it is not absolutely necessary.
_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j

Reply via email to