From: EYRE B. <Ber...@al...> - 2010-02-06 02:25:48
Attachments:
myowntest2.c

Hello Coders,

I have a requirement to create snmp users dynamically at run time from C code. I have written similar code to snmpusm app and used the same approach. At first all I want to do is to generate the user using clonefrom user and its password. I isolated the relevant code and made a separate executable for you to examine and even possibly to compile and run.

I created the initial user by adding it to /etc/net-snmp/snmpd.conf file as suggested by the docs. If I use the snmpusm command as follows

    snmpusm -v3 localhost -l authNoPriv -u InitialAuth1 -A setupauth create beyre01 InitialAuth1

the command works and the user is added, but using my attached code it doesn't. When I run the attached program I get "USM unknown security name (no such user exists)" error as a return code for snmp_synch_response() call. I don't know which user is the one generating the error, the one in the session, or the one in the pdu; they both are the same in either case.

Have you done a similar thing? If you have and/or by looking at the attached code you can tell me what is wrong I would appreciate it.

Thanks,
Bernadette
From: EYRE B. <Ber...@al...> - 2010-02-10 02:46:15

Hello Dave,

Is it possible to create snmpv3 user with hashed password rather than clear text and provide the appropriate hash algorithm type? If so which api to use? Any examples?

Thanks,
Bernadette
From: Dave S. <D.T...@li...> - 2010-02-10 09:14:56

On 10 February 2010 02:45, EYRE Bernadette <Ber...@al...> wrote:
> Hello Dave,

Please address queries to the list as a whole - not to me personally. I am *not* the sole support for this project (though it sometimes feels like it!)

> Is it possible to create snmpv3 user with hashed password rather than
> clear text and provide the appropriate hash algorithm type?

$ man snmpd.conf

    SNMPv3 Users
    If you want to generate either your master or localized keys directly, replace the given password with a hexstring (preceeded by a "0x") and precede the hex string by a -m or -l token (respectively).

> If so which api to use?

All creation of SNMPv3 users eventually boils down to a call to:

    usm_add_user()

> Any examples?

See 'usm_parse_create_usmUser()' in snmplib/snmpv3.c

Dave
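
The snmpd.conf text quoted in the message above distinguishes master keys (-m) from localized keys (-l). As an added example (not part of the thread and not net-snmp code), this Python sketch follows the RFC 3414 A.2 password-to-key algorithm to show how those two hex strings are derived and that neither equals a plain MD5 or SHA-1 digest of the passphrase; the function names are illustrative, and the passphrase and engine ID are the RFC 3414 A.3 test vectors.

```python
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414 A.2: hash exactly 1,048,576 bytes of repeated passphrase


def master_key(passphrase: bytes, algo: str = "md5") -> bytes:
    """Ku: digest of the passphrase repeated (and truncated) to EXPANDED_LEN bytes."""
    if not passphrase:
        raise ValueError("empty passphrase")
    reps, rem = divmod(EXPANDED_LEN, len(passphrase))
    return hashlib.new(algo, passphrase * reps + passphrase[:rem]).digest()


def localized_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul: digest of Ku || snmpEngineID || Ku, so the key is tied to one agent."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def key_token(kind: str, key: bytes) -> str:
    """Format a key as the '-m 0x...' or '-l 0x...' token the man page describes."""
    flag = {"master": "-m", "localized": "-l"}[kind]
    return f"{flag} 0x{key.hex()}"


if __name__ == "__main__":
    # RFC 3414 A.3 test vector values, not real credentials.
    passphrase = b"maplesyrup"
    engine_id = bytes(11) + b"\x02"
    for algo in ("md5", "sha1"):
        ku = master_key(passphrase, algo)
        kul = localized_key(ku, engine_id, algo)
        plain = hashlib.new(algo, passphrase).digest()
        print(algo, key_token("master", ku))
        print(algo, key_token("localized", kul))
        print(algo, "plain digest equals Ku:", plain == ku)
```

A system that holds only the plain digest of a passphrase cannot compute Ku from it, because the derivation hashes the expanded passphrase itself.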
From: EYRE B. <Ber...@al...> - 2010-02-12 02:37:39

Thank you Dave for shedding some light on this. I'm sorry for my persistence but I need to understand this.

I'm using net-snmp 5.4.2.1 version on linux. I read the docs, manual pages, looked at library snmpusm.c and snmpusm.c code in apps dir but I can't make -m option work.

I type:

    snmpusm -v3 localhost -l authNoPriv -u initialuser1 -A passwd1 create user1 initialuser1

This works and the user is created since the clone from "initialuser1" user is in persistent snmpd.conf file.

Then I use the snmpusm command to change the inherited password from cloneFrom user. I want to supply an already (MD5) hashed value instead of clear text passphrase so I use:

    snmpusm -v3 -l authNoPriv -u user1 -A passwd1 passwd -Ca passwd1 -m 0x<hexkey>

The snmpusm command returns error:

    New passphrase must be greater than 8 characters in length

I don't know if -m option is intended to be used with MD5 hashed value?? I noticed the manual pages for snmpcmd refers to -m as -3m and so does the snmpv3.c code. So I used -3m option instead but that did the same as above.

I don't know if this is the best way to create a new user other than writing program and creating netsnmp session and pdu to talk to the agent. Is it always required to create the user first and then change the password or can it be done in one step? I still prefer at the moment to use the snmpusm command to create the user with my own hashed password.

If anyone knows how to, please let me know.

Thanks,
Bernadette

-----Original Message-----
From: dav...@go... [mailto:dav...@go...] On Behalf Of Dave Shield
Sent: Wednesday, February 10, 2010 1:15 AM
To: EYRE Bernadette
Cc: net...@li...
Subject: Re: create SNMPv3 user with hashed password

On 10 February 2010 02:45, EYRE Bernadette <Ber...@al...> wrote:
> Hello Dave,

Please address queries to the list as a whole - not to me personally. I am *not* the sole support for this project (though it sometimes feels like it!)

> Is it possible to create snmpv3 user with hashed password rather than
> clear text and provide the appropriate hash algorithm type?

$ man snmpd.conf

    SNMPv3 Users
    If you want to generate either your master or localized keys directly, replace the given password with a hexstring (preceeded by a "0x") and precede the hex string by a -m or -l token (respectively).

> If so which api to use?

All creation of SNMPv3 users eventually boils down to a call to:

    usm_add_user()

> Any examples?

See 'usm_parse_create_usmUser()' in snmplib/snmpv3.c

Dave
From: Dave S. <D.T...@li...> - 2010-02-12 14:22:27

On 12 February 2010 02:36, EYRE Bernadette <Ber...@al...> wrote:
> I'm using net-snmp 5.4.2.1 version on linux.
> I read the docs, manual pages, looked at library snmpusm.c and snmpusm.c
> code in apps dir but I can't make -m option work.

> I want to supply an already (MD5) hashed value instead of clear text
> passphrase so I use:
> snmpusm -v3 -l authNoPriv -u user1 -A passwd1 passwd -Ca passwd1 -m 0x<hexkey>

I'm not really an expert on SNMPv3, but that invocation does not seem to match the description in the snmpusm man page. This lists '-Ca' as one of the "Common Options" which appear *before* the USM command ("passwd")

Also, the description of the "passwd" sub-command says:

    " To change from a localized key back to a password, the following variant of the passwd sub-command is used:

        snmpusm [OPTIONS] <-Ca | -Cx> -Ck passwd OLD-KEY-OR-PASSPHRASE NEW-KEY-OR-PASSPHRASE [USER]

      The OLD-KEY-OR-PASSPHRASE and/or NEW-KEY-OR-PASSPHRASE arguments can either be a passphrase or a localized key starting with "0x", "

Which would imply that the command ought to be something like:

    snmpusm -v3 -l authNoPriv -u user1 -A passwd1 -Ca -Ck passwd passwd1 0x<hexkey>

> I don't know if -m option is intended to be used with MD5 hashed value??

-m is not relevant to the "passwd" sub-command. It's part of the common processing for the basic SNMP commands.

> So I used -3m option instead but that did the same as above.

All of the -3... options are treated in exactly the same way as the equivalent non-3 versions. That was an (unsuccessful) attempt to reduce the pollution of the command-line option namespace.

My gut feeling is that you are confusing the common SNMP command options with the USM-specific sub-command options. These are different (I believe).

But I'm not an SNMPv3 expert, so I could well be wrong here.

Dave
From: Wes H. <har...@us...> - 2010-02-12 19:25:10

>>>>> On Fri, 12 Feb 2010 13:22:29 +0000, Dave Shield <D.T...@li...> said:

DS> My gut feeling is that you are confusing the common SNMP command
DS> options with the USM-specific sub-command options. These are
DS> different (I believe).

In short:

1) All the options you need to authenticate/etc the SNMPv3 USM user *making* the request need to go before the USM command (eg, like "clone").

2) All of the options that affect the command itself and tell it how to set the password for the user you're operating *on* need to go after the command.

This allows for separation of the user being acted upon from the user performing the maintenance.

--
Wes Hardaker
Please mail all replies to net...@li...
From: EYRE B. <Ber...@al...> - 2010-02-12 20:07:07

Thanks Dave and Wes.

Wes, if you are using snmpusm command and you have already created the user and you want to change the password and provide the new password in hashed format, not in clear passphrase format, how would you do it, what will be the command?

I know -Ck option is for localized format but my password is hashed (in MD5 or in SHA format) and that is how it will be supplied to me from a remote authentication server.

Thanks,
Bernadette

-----Original Message-----
From: Wes Hardaker [mailto:har...@us...]
Sent: Friday, February 12, 2010 11:25 AM
To: Dave Shield
Cc: EYRE Bernadette; net...@li...
Subject: Re: create SNMPv3 user with hashed password

>>>>> On Fri, 12 Feb 2010 13:22:29 +0000, Dave Shield <D.T...@li...> said:

DS> My gut feeling is that you are confusing the common SNMP command
DS> options with the USM-specific sub-command options. These are
DS> different (I believe).

In short:

1) All the options you need to authenticate/etc the SNMPv3 USM user *making* the request need to go before the USM command (eg, like "clone").

2) All of the options that affect the command itself and tell it how to set the password for the user you're operating *on* need to go after the command.

This allows for separation of the user being acted upon from the user performing the maintenance.

--
Wes Hardaker
Please mail all replies to net...@li...
From: Wes H. <har...@us...> - 2010-02-16 22:10:43

>>>>> On Fri, 12 Feb 2010 14:06:31 -0600, "EYRE Bernadette" <Ber...@al...> said:

EB> Wes, if you are using snmpusm command and you have already created the
EB> user and you want to change the password and provide the new password in
EB> hashed format, not in clear passphrase format,
EB> how would you do it, what will be the command?

I vaguely recall that the recent version of snmpusm was patched so that the old/new passwords could start with "0x" to indicate a key.

--
Wes Hardaker
Please mail all replies to net...@li...
From: EYRE B. <Ber...@al...> - 2010-02-16 22:47:51

I'm running 5.4.2.1 version, would this patch be available for this version? Or should I update to 5.5?

Thanks
Bernadette Eyre

-----Original Message-----
From: Wes Hardaker [mailto:har...@us...]
Sent: Tue 2/16/2010 2:10 PM
To: EYRE Bernadette
Cc: Wes Hardaker; Dave Shield; net...@li...
Subject: Re: create SNMPv3 user with hashed password

>>>>> On Fri, 12 Feb 2010 14:06:31 -0600, "EYRE Bernadette" <Ber...@al...> said:

EB> Wes, if you are using snmpusm command and you have already created the
EB> user and you want to change the password and provide the new password in
EB> hashed format, not in clear passphrase format,
EB> how would you do it, what will be the command?

I vaguely recall that the recent version of snmpusm was patched so that the old/new passwords could start with "0x" to indicate a key.

--
Wes Hardaker
Please mail all replies to net...@li...
From: Dave S. <D.T...@li...> - 2010-02-17 09:23:37

On 16 February 2010 22:43, EYRE Bernadette <Ber...@al...> wrote:
> I'm running 5.4.2.1 version, would this patch be available for this version?
> Or should I update to 5.5?

Check the usage output of snmpusm. If this mentions "-Ck" (and talks about KEY-OR-PASSPHRASE), then support for this should be present. If it doesn't then you'll probably need to upgrade.

I *think* this feature is present in 5.4.x and above, but not 5.3.x or earlier. But check.

Dave