From: Joan L. <Joa...@ov...> - 2008-07-31 14:31:34
|
Ok, thanks for your help, Given your input I opted to change the -I command from inclusion to exlusion be means of the (-) option. Thanks -----Original Message----- From: dav...@go... [mailto:dav...@go...] On Behalf Of Dave Shield Sent: Thursday, July 31, 2008 9:45 AM To: Joan Landry Cc: net...@li... Subject: Re: Netsnmp Security issue 2008/7/31 Joan Landry <Joa...@ov...>: > Why should the -I option have an impact on the master agent doing > authentication? Because the authentication and access control functions are implemented as (optional) modules. If you omit these module from the master agent, then it won't do authentication/access control. > If I add any of the vacm tables I get: > getaddrinfo: vacmContextTable Name or service not known What were the exact module(s) that you added? I *think* that you just need 'vacm_context' to have the agent handle access control. If you want to configure this via the snmpd.conf file, then you need to activate 'vacm_conf' If you want to query/configure this information via the MIB tables, then you need to activate 'vacm_vars'. You may/may not need to add some of the usm* modules as well. I haven't tried playing with this myself, but try adding all of these six, and then whittle down until you get the minimal acceptable working set. It might also be useful if you could feed back your discoveries so that others can learn from your experiences. Dave |