> I see that you have "Disallow SNMP access to USM objects" on your TODO
> list. My organization will be using these objects to create new users
> remotely. If your TODO item means just that you will change the access
> level of the objects in SNMP-USER-BASED-SM-MIB to "noaccess", that's
> fine, because we can easily change the access levels. If it means
> something more than that, hopefully you'll reconsider. I was also
Perhaps what I meant in the TODO list is to set up a default negative
view to disallow USM subtree access at Agent by Manager. Whenever user
deliberately needs remote LCD access s/he would be free to change that
default VACM setting. So, you're on a safe side. ;)
> hoping you'd implement the algorithm that creates the encryption and
> authentication keys from the usmUserAuthKeyChange and
> usmUserPrivKeyChange values.
Yeah, right, let me figure out how it's supposed to be done...
> I have written a patch for SNMP-USER-BASED-SM-MIB.py that gives the
> usmUserSecurityName object the value of usmUserName whenever the is
> changed. The patch is on the website. Please consider incorporating it;
> it will save your newer users some hassle should they try to create
> users remotely.
I've put a comment on it at the website. I'll try to re-work your patch in
a more reliable way as well...
Thanks,
ilya
|
