Hi Wes Hardaker,
From RFC2786 section 2.1, I understood that EMS should send SET
request on usmUserTable / usmDHUserKeyTable to trigger the key change,
upon receiving the request Agent will generate the random number and
drive DH public key which is published in associated MIB.
Manager should read the published keys through GET request.
Manager should generates random number and derive DH public key.
Then Manger should send SET request with both (agents & managers -
concatenated) DH public key.
As per the above flow, the request needs to be transmitted for
key change is SET, GET followed by SET. But when I trace the agent logs
in 5.2.1 for snmpusm key change command, I noticed that only GET & SET
request is send form Manger to Agent. Please find attached get & set
request details. The fist SET request is missing / I am not able to
trace this. Please let me know if I missed something.
I hope the first SET request for Key change needs to be taken
care in 5.2.1.
-SIGTERM
Santhosh
-----Original Message-----
From: Wes Hardaker [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 22, 2007 4:04 AM
To: SANTHOSH S (WT01 - Broadband Networks)
Cc: [EMAIL PROTECTED]; [email protected]
Subject: Re: Sharing modifications done in Net-SNMP source
>>>>> "ss" == santhosh sundarasamy <[EMAIL PROTECTED]>
writes:
ss> We are trying to do the modification in USM implementation to
ss> support rfc2786 in version 5.2.1. Once it done, I will let you know.
Um... Version 5.2 already supports that RFC.
BTW, also: many people submit patches back because it's more likely
that they'll stay maintained in the code base and you won't have to
port them from release to release (IE, in the end it's cheaper).
--
Wes Hardaker
Sparta, Inc.
Command Used:
=============
[EMAIL PROTECTED] tmp]$ snmpusm -v3 -e 0x80001F88030016171ACC1C -u admin -l
authPriv -a SHA -A 08746928004dfa5db9724280da3f622482972027 -x AES -X
004dfa5db9724280da3f622482972027 10.201.114.69 -Ca -Cx changekey admin
new auth key: 0xb1d386501ce7c8f801db1ad552070eca59128a33
new priv key: 0x8688e80c5e7a4d56130530079e478ac9
SNMPv3 Key(s) successfully changed.
1. PDU-GET:
==========
SNMP-USM-DH-OBJECTS-MIB::usmDHParameters.0
SNMP-USM-DH-OBJECTS-MIB::usmDHUserAuthKeyChange."..........."."admin"
SNMP-USM-DH-OBJECTS-MIB::usmDHUserPrivKeyChange."..........."."admin"
Response:
SNMP-USM-DH-OBJECTS-MIB::usmDHParameters.0 = Hex-STRING: 30 66 02 61 00 FF FF
FF FF FF FF FF FF C9 0F DA
A2 21 68 C2 34 C4 C6 62 8B 80 DC 1C D1 29 02 4E
08 8A 67 CC 74 02 0B BE A6 3B 13 9B 22 51 4A 08
79 8E 34 04 DD EF 95 19 B3 CD 3A 43 1B 30 2B 0A
6D F2 5F 14 37 4F E1 35 6D 6D 51 C2 45 E4 85 B5
76 62 5E 7E C6 F4 4C 42 E9 A6 3A 36 20 FF FF FF
FF FF FF FF FF 02 01 02
SNMP-USM-DH-OBJECTS-MIB::usmDHUserAuthKeyChange."..........."."admin" =
Hex-STRING: 7F 29 34 BB 9E DE C1 8D 1E 10 83 09 49 0D EA BD
93 14 C1 56 7A D9 13 68 53 96 8F 7C BD 36 B9 7F
D3 51 90 39 CD 60 08 DC 53 46 88 49 4D 31 E3 FE
D3 5D 50 01 AB CE D7 C8 0D EF CD FC E0 24 40 57
F2 5F EC 2D 7D F2 A9 17 17 13 97 18 FC A7 7E 68
D9 98 E7 E7 DC 41 D8 B4 47 FF 65 09 85 56 58 3C
SNMP-USM-DH-OBJECTS-MIB::usmDHUserPrivKeyChange."..........."."admin" =
Hex-STRING: 53 3B D4 49 62 83 E0 65 BD 3F 36 7B 10 F2 71 9A
B1 AB DB 1B 18 C7 EC 56 63 A4 C5 BA BC A7 96 3B
9D 35 EA 1A C1 45 63 CB B8 94 7F 03 78 B2 07 CD
3C 8C 08 D7 27 0A 7D 4C 73 E6 E9 97 43 D0 19 C1
76 21 A4 7B 9C 16 A2 44 48 53 D8 00 69 B7 53 66
29 B9 D6 67 F4 E3 12 1F 43 74 FC 0B 70 11 30 90
2. PDU-SET
==========
SNMP-USM-DH-OBJECTS-MIB::usmDHUserAuthKeyChange."..........."."admin"
Value:
=====
04 81 C0 7F 29 34 BB 9E DE C1 8D 1E 10 83 09 49
0D EA BD 93 14 C1 56 7A D9 13 68 53 96 8F 7C BD
36 B9 7F D3 51 90 39 CD 60 08 DC 53 46 88 49 4D
31 E3 FE D3 5D 50 01 AB CE D7 C8 0D EF CD FC E0
24 40 57 F2 5F EC 2D 7D F2 A9 17 17 13 97 18 FC
A7 7E 68 D9 98 E7 E7 DC 41 D8 B4 47 FF 65 09 85
56 58 3C D1 9C FC 60 74 F5 45 81 49 CE 17 6B 57
C3 C8 5B 11 1A A5 5B A5 BF 5B 59 42 EE E2 AC EB
E8 4D C4 EB 43 87 35 86 A7 55 ED A5 B3 B8 10 0B
1C 65 4C 84 EF 6A 00 6F 22 6A 7C 32 70 1D 98 9B
D0 ED DE 0B CA 4F 9F 1B 1A 9A C9 1A 53 0A E1 FB
19 C0 B1 9C DE F4 27 C8 E5 E4 21 DE B0 4D 04 34
6E 2A 35
SNMP-USM-DH-OBJECTS-MIB::usmDHUserPrivKeyChange."..........."."admin"
Value:
======
04 81 C0 53 3B D4 49 62 83 E0 65 BD 3F 36 7B 10
F2 71 9A B1 AB DB 1B 18 C7 EC 56 63 A4 C5 BA BC
A7 96 3B 9D 35 EA 1A C1 45 63 CB B8 94 7F 03 78
B2 07 CD 3C 8C 08 D7 27 0A 7D 4C 73 E6 E9 97 43
D0 19 C1 76 21 A4 7B 9C 16 A2 44 48 53 D8 00 69
B7 53 66 29 B9 D6 67 F4 E3 12 1F 43 74 FC 0B 70
11 30 90 C4 69 98 51 1A ED CF BF 37 F5 D6 AC 2E
96 EE 60 E6 F7 A4 AF 87 DC 0B 59 E5 D7 63 74 33
CD 97 11 E7 0E 8C 9A 4F A1 96 63 45 C2 E4 1B D2
7C A4 F5 FA 3B 58 B4 25 8C F0 7C 13 3E B7 6C CB
6B 0C 0D 1F 64 08 C9 9F E7 99 91 A2 85 6C BF 5A
6E 32 8F EB 2C BD F6 7C 92 2B C5 58 21 66 32 9F
CF 5D CF
Response: ( Error index and Error status is 0 : SUCCESS )
=========
Response packet sent:
04 82 01 F5 D9 DB F9 64 7C 14 64 F0 13 34 88 9B
D9 81 69 55 0E 0D 13 CF 41 67 C4 EF A4 89 98 70
A9 F6 18 1B 87 B3 9D 78 91 99 D6 30 A1 81 C1 D5
56 30 83 01 98 B9 9A D3 13 B8 ED C4 93 B5 5E 71
3A BC 47 6A D9 EA AD 68 55 E3 A9 5D 99 FA 84 D8
C2 DE C0 58 43 6E 49 D9 6A 67 9C 8A 95 7C 3A ED
2F 58 06 85 28 A5 3B D4 21 99 B3 2D 45 A5 D0 E2
F5 42 8B 26 5D D1 D1 05 6F E7 F9 75 C4 B5 13 58
19 87 5E 5C 00 FF CD 12 51 BD F0 F3 EF 0F 0E F4
6E D1 A4 3F 74 A3 A4 97 62 5A A6 83 58 2E 6A 47
DD 39 A5 E4 43 EA A9 D4 95 10 97 A6 2F E0 17 51
62 9C 5B 8B 17 56 23 CD E9 21 81 CF 9A 5E E6 9C
E5 54 C5 0C A7 EB 2D E9 A3 56 28 4E A7 C7 36 34
19 65 D6 E2 07 99 FC FD 03 4D 78 25 94 B6 16 3D
CA 76 C5 0F 49 3F A1 05 32 CF 69 EC 63 97 4E B0
DB 6F 4E 41 67 E4 8B 26 C5 AA 1A C3 8D 06 0A 77
C5 43 BE BC 79 90 A8 DC E3 E1 17 E2 D4 02 E4 19
8B 41 C1 D5 1C 9C CF 4A 2E 96 68 F0 FB E7 EB C0
86 C8 0E EC 16 04 6E 9F A6 80 60 32 52 7B 69 6F
3A 88 01 46 D2 54 E0 DB 76 23 E6 EA A4 38 5C 41
ED 1B 4D CB 1E 43 1A 66 68 FF AC F2 AA 9F 7D 65
04 A7 10 8C BC 2D 15 5B B4 C0 7D 98 0B BD C7 4D
FB 74 7A 74 D5 93 33 D1 61 02 93 95 6A 17 90 F4
25 FC BB B0 B9 47 8E 99 F7 7C 08 91 D0 1B EA 34
7D 2A CE C0 84 53 2C 1A 5A 0B 6A 04 74 15 BF 19
DD 80 CF 3B 09 4D 3B 47 24 B1 F6 B5 4B DF A8 A6
D1 40 06 7B 35 F2 03 36 9B B8 2E 32 9B B7 25 B8
62 01 F3 C8 88 BC 14 28 44 EA B5 51 10 C2 CD F4
9A 41 2B C1 03 0D 75 6E 84 32 3E 11 56 60 64 25
A0 91 AC 90 E2 66 C8 85 7B 0B CD 84 31 E4 42 AD
1C 6D D8 19 50 82 A2 B1 1A 8F 98 57 11 65 AD 75
7F 52 D5 D0 0A B9 47 95 B3
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
