Thanks Dave. I appreciate the advice and will look into the approach you have suggested.
Regards,
Harvey

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dave Shield
Sent: Tuesday, 2 August 2011 7:39 a.m.
To: Harvey Shepherd
Cc: [email protected]
Subject: Re: Enforcing SNMPv3 User Authentication and Privacy

On 27 July 2011 01:07, Harvey Shepherd <[email protected]> wrote:
> Are there any compile-time configuration options to enforce the use of user
> privacy and authentication when creating users? I know that MD5
> authentication and DES privacy can be disabled, but was wondering if there
> was something similar to disable "no authentication" and "no privacy".

Not at compile-time, no, AFAIK.
This would normally be handled as part of the access control configuration.
If you want to insist on encrypted traffic, then this would typically be
specified using

    rouser USER priv

or similar

> If not, then I assume it would be fairly easy to implement by adding defines
> similar to DISABLE_MD5 and DISABLE_DES, though I guess I'd have to be
> careful not to compile out inappropriate code which sends out
> unencrypted/authenticated error reports etc.

If you want to hardcode this restriction within the binaries themselves,
I'd be inclined to enforce this at a slightly different level, concentrating on
the creation of users (to reject a 'createUser' line that didn't specify an
encryption protocol), the VACM handling within the agent (to reject anything
less than authPriv) and the client command-line parsing (to insist on
authPriv requests).

That's probably simpler/safer than fiddling with the low-level internals
of the library.

Dave

_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
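
Added example (not part of the original thread, and not Net-SNMP code): a small audit of snmpd.conf text that applies the two configuration-level checks discussed above, flagging 'createUser' lines without a privacy protocol and 'rouser'/'rwuser' lines whose minimum level is below 'priv'. It assumes the documented forms "createUser [-e ENGINEID] USER AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]" and "rouser [-s SECMODEL] USER [noauth|auth|priv ...]", treats any token starting with DES or AES as a privacy protocol, and runs on a constructed sample.

```python
import shlex

LEVELS = ("noauth", "auth", "priv")

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# SNMPv3 users
createUser alice SHA "auth pass phrase" AES "priv pass phrase"
createUser bob MD5 bobauthpass
createUser carol
rouser alice priv
rouser bob
rwuser carol noauth
"""

def _args(tokens, opt):
    """Drop a leading '<opt> VALUE' pair such as -e ENGINEID or -s SECMODEL."""
    return tokens[2:] if tokens[:1] == [opt] else tokens

def audit_snmpd_conf(text):
    """Return [(line_no, user, problem)] for entries weaker than authPriv."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tok = shlex.split(line)          # keeps quoted passphrases whole
        except ValueError:
            tok = line.split()               # unbalanced quote: best effort
        directive, rest = tok[0].lower(), tok[1:]
        if directive == "createuser":
            a = _args(rest, "-e")
            if not a:
                continue
            if len(a) < 3:                   # no auth protocol and passphrase
                findings.append((no, a[0], "no authentication protocol/passphrase"))
            elif not any(t.upper().startswith(("DES", "AES")) for t in a[3:]):
                findings.append((no, a[0], "no privacy protocol"))
        elif directive in ("rouser", "rwuser"):
            a = _args(rest, "-s")
            if not a:
                continue
            given = a[1].lower() if len(a) > 1 else ""
            level = given if given in LEVELS else "auth"   # default is auth
            if level != "priv":
                findings.append((no, a[0], f"{directive} minimum level is {level}, not priv"))
    return findings

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE):
        print(finding)
```

The findings never include passphrases, so the output can be logged. The 'access' directive and v1/v2c community lines are outside what this check covers.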
