
List:       net-snmp-coders
Subject:    Re: use private mibs or public mibs?
From:       Wes Hardaker <hardaker () users ! sourceforge ! net>
Date:       2009-04-23 14:31:18
Message-ID: sdtz4fjvbd.fsf () wes ! hardakers ! net

>>>>> On Thu, 23 Apr 2009 08:32:27 +0100, Dave Shield <D.T.Shield@liverpool.ac.uk> said:

DS> -  Wes is the expert on SNMPv3, not me - but as I understand it,
DS> the two KeyChange objects are not actually needed for *creating*
DS> a new SNMPv3 user.   They are typically used shortly afterwards,
DS> to change the passwords for that new user.

The reasons behind the keychange objects are multi-fold.

1) You can't create users directly without a pre-existing user on the
   system.  Implementations are encouraged to do what Net-SNMP does
   which is to require some "bootstrapping" users to exist before the
   SNMP operations can be performed successfully.  I.e., you can only
   clone existing users with their keys and then change the keys using
   the keychange objects.  Some of this was done this way to discourage
   the situations that occurred with SNMPv1 and default community names
   like "public" being released as defaults to the world.

2) The keychange objects were also designed so that they could be
   exported from countries with restrictive export laws.  In particular,
   the objects work securely even when encryption is not enabled.  I.e.,
   you can change the key securely even when using authNoPriv.

-- 
Wes Hardaker
Please mail all replies to net-snmp-coders@lists.sourceforge.net
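
The key change described in point 2, as an added example that is not part of the original message and is not Net-SNMP's code: the KeyChange computation from RFC 3414 for the fixed-length case (key length equal to the digest length, as with SHA-1), showing that the value carried in the SET never contains the new key in the clear. The function names and the sample keys are constructed for illustration.

```python
import hashlib
import os

def make_keychange(old_key, new_key, hash_name="sha1", random=None):
    """Requester side: build the KeyChange value that is sent in the SET."""
    size = hashlib.new(hash_name).digest_size
    if len(old_key) != size or len(new_key) != size:
        raise ValueError("keys must be %d bytes for %s" % (size, hash_name))
    if random is None:
        random = os.urandom(size)          # fresh random component per change
    elif len(random) != size:
        raise ValueError("random component must be %d bytes" % size)
    # digest = H(oldKey || random); delta = digest XOR newKey
    digest = hashlib.new(hash_name, old_key + random).digest()
    delta = bytes(d ^ n for d, n in zip(digest, new_key))
    return random + delta                  # on the wire: random || delta

def apply_keychange(old_key, value, hash_name="sha1"):
    """Agent side: recover the new key from the received KeyChange value."""
    size = hashlib.new(hash_name).digest_size
    if len(old_key) != size or len(value) != 2 * size:
        raise ValueError("malformed KeyChange value")
    random, delta = value[:size], value[size:]
    digest = hashlib.new(hash_name, old_key + random).digest()
    return bytes(d ^ x for d, x in zip(digest, delta))

# Constructed sample keys (stand-ins for localized 20-byte SHA-1 keys).
OLD_KEY = hashlib.sha1(b"constructed old key").digest()
NEW_KEY = hashlib.sha1(b"constructed new key").digest()

if __name__ == "__main__":
    wire = make_keychange(OLD_KEY, NEW_KEY)
    print("sent in SET :", wire.hex())
    print("agent derives new key:", apply_keychange(OLD_KEY, wire) == NEW_KEY)
    # An observer of an authNoPriv session sees `wire` but not OLD_KEY;
    # applying a guessed old key yields a different, useless result.
    guess = hashlib.sha1(b"constructed wrong guess").digest()
    print("observer with wrong old key:", apply_keychange(guess, wire) == NEW_KEY)
```

The new key is masked by a digest that only holders of the old key can recompute, which is why the exchange does not depend on privacy (encryption) being enabled.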
