Also, a user configured with a remote engineID in order to support V3 inform 
messages, as described below, would never be able to perform other SNMP 
operations (GET, GET-NEXT, SET) because the authoritative engineID would not 
match the target, correct?

From: Atkins, Brian
Sent: Monday, October 28, 2019 3:54 PM
To: net-snmp-users@lists.sourceforge.net
Subject: V3 inform user requires engineID in persistent snmpd.conf?

I'm checking my understanding of how to configure a trapsess for V3 informs in 
snmpd.conf.  I want to avoid putting the authentication and encryption 
passwords in the config file, so I'm relying on USM user lookup, such as:
trapsess -v3 -Ci -l authPriv -u user1 <host>

with "user1" being defined using a createUser directive in the persistent 
config file.  However, since the localized keys will be generated before the 
inform requests are sent, it's impossible to rely on the engineID probe 
behavior to learn the target engineID, correct?  The engineID may be correct, 
but the localized keys will have been encoded using the local machine's 
engineID, not the target's, as required.  So, I assume it's always necessary to 
configure an inform user with the target engineID, such as:
createUser -e <engineID> ...

Since informs do engineID lookup by probing the target, this seems 
counterintuitive, until you realize that the localized keys must have already been 
generated at createUser time.

Is that correct or am I missing something?  Is there an alternative that still 
avoids putting passwords in config files?

Thanks!
Brian
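
Added example, not part of the original thread and not Net-SNMP's own code: the RFC 3414 key localization that the question above turns on, showing that a key localized to the sender's own engineID fails authentication at an inform receiver, which verifies with a key localized to its own engineID. The password and receiver engineID are the RFC 3414 Appendix A.3 test values; the sender engineID, the message bytes and all helper names are constructed for illustration.

```python
import hashlib
import hmac

def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the password repeated out to 1 MiB, giving Ku."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, whole_msg: bytes) -> bytes:
    """HMAC-SHA-96: first 12 octets of HMAC-SHA1 over the message."""
    return hmac.new(kul, whole_msg, hashlib.sha1).digest()[:12]

PASSWORD = b"maplesyrup"                                  # RFC 3414 A.3 test password
RECEIVER_ENGINE_ID = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3
SENDER_ENGINE_ID = bytes.fromhex("80001f8880aabbccdd01")        # constructed
INFORM_MSG = b"constructed stand-in for a serialized inform"    # constructed

def inform_authenticates(key_engine_id: bytes, receiver_engine_id: bytes) -> bool:
    """True if a tag made with a key localized to key_engine_id verifies
    at a receiver whose stored key is localized to receiver_engine_id."""
    ku = password_to_key(PASSWORD)
    sent = auth_tag(localize_key(ku, key_engine_id), INFORM_MSG)
    expected = auth_tag(localize_key(ku, receiver_engine_id), INFORM_MSG)
    return hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    # Key localized to the target's engineID (createUser -e <engineID>): accepted.
    print("target engineID:", inform_authenticates(RECEIVER_ENGINE_ID, RECEIVER_ENGINE_ID))
    # Key localized to the sender's own engineID: rejected by the receiver.
    print("local engineID: ", inform_authenticates(SENDER_ENGINE_ID, RECEIVER_ENGINE_ID))
```

The same mismatch runs in the other direction: a key localized to the remote engineID will not verify requests for which the local agent is authoritative.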
