>>>>> On Thu, 23 Apr 2009 08:32:27 +0100, Dave Shield <[email protected]> said:

DS> - Wes is the expert on SNMPv3, not me - but as I understand it,
DS> the two KeyChange objects are not actually needed for *creating*
DS> a new SNMPv3 user. They are typically used shortly afterwards,
DS> to change the passwords for that new user.

The reasons behind the keychange objects are multi-fold.

1) You can't create users directly without a pre-existing user on the system. Implementations are encouraged to do what Net-SNMP does, which is to require some "bootstrapping" users to exist before the SNMP operations can be performed successfully. IE, you can only clone existing users with their keys and then change the keys using the keychange objects. Some of this was done this way to discourage the situations that occurred with SNMPv1 and default community names like "public" being released as defaults to the world.

2) The keychange objects were also designed so that they could be exported from countries with restrictive export laws. In particular, the objects work securely even when encryption is not enabled. IE, you can change the key securely even when using authNoPriv.

-- 
Wes Hardaker
Please mail all replies to [email protected]

_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
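
The reason a key change can travel safely under authNoPriv, shown as an added example that is not part of the original message and is not Net-SNMP code: a sketch of the KeyChange encoding from RFC 3414 for the fixed-length case (key length equal to digest length). The function names and the sample keys are constructed for illustration.

```python
import hashlib
import os

# Digest used by the two original USM auth protocols (HMAC-MD5-96, HMAC-SHA-96).
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def _mask(hash_name: str, old_key: bytes, random: bytes) -> bytes:
    """Digest of oldKey || random: a pad only holders of old_key can rebuild."""
    return HASHES[hash_name](old_key + random).digest()


def encode_keychange(hash_name, old_key, new_key, random=None):
    """Requester side: build the value written to a KeyChange object."""
    size = HASHES[hash_name]().digest_size
    if len(old_key) != size or len(new_key) != size:
        raise ValueError("fixed-length case only: keys must match digest size")
    random = os.urandom(size) if random is None else random
    if len(random) != size:
        raise ValueError("random component must match digest size")
    mask = _mask(hash_name, old_key, random)
    delta = bytes(m ^ n for m, n in zip(mask, new_key))
    # Only random and delta go on the wire; the new key itself never does.
    return random + delta


def decode_keychange(hash_name, old_key, value):
    """Agent side: recover the new key from the received value."""
    size = HASHES[hash_name]().digest_size
    if len(value) != 2 * size:
        raise ValueError("wrong length for KeyChange value")
    random, delta = value[:size], value[size:]
    mask = _mask(hash_name, old_key, random)
    return bytes(m ^ d for m, d in zip(mask, delta))


if __name__ == "__main__":
    # Constructed sample keys (not real localized keys).
    old = bytes(range(16))
    new = bytes(range(16, 32))
    wire = encode_keychange("md5", old, new)
    print("on the wire :", wire.hex())
    print("agent gets  :", decode_keychange("md5", old, wire).hex())
    print("wrong oldkey:", decode_keychange("md5", bytes(16), wire).hex())
```

Anyone who holds the old key and captures the value can recover the new key the same way the agent does, so the exchange is only as secret as the old key.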
