I haven't configured SNMP yet.. but from what I read it sounds good -Michael Audet Network Services Chubb & Son ----- Original Message ----- From: "Karl Gaissmaier" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 04, 2001 5:51 PM Subject: (RADIATOR) SNMPAgent patch: access restrictions now available > Hi all and Mike, > > I wrote a patch to SNMPAgent to restrict the acces to the Radius > SNMP vars, especially to disallow unauthorized resets. > > You can now spend two separate communities for read-only > and read-write and you can define a Managers list for allowed hosts. > > I would appreciate if the community decides this stuff > useful. Please raise your hands if yes so Mike gets perhaps convinced > to add this to one of the next patches/releases. > > I wrote this backward compatible to old config files with > Community defined. If you don't define a managers list all hosts > has access. The following parameters are new to the SNMPAgent clause: > > --------------------------------------------------------------------- > 6.13.3 Community > deprecated but allowed for backward compatibility > > 6.13.5 ROCommunity > > SNMP V1 provides a weak method of authenticating SNMP requests, using > the "community name". This optional parameter allows you to specify > the SNMP V1 community name that will be honored by SNMPAgent for > read-only > access. Defaults to nothing, you have to define one by yourself. > We strongly recommend that you choose a community name and keep it > secret. > > > # Use a secret community. > ROCommunity mysnmprosecret > > 6.13.6 RWCommunity > > This optional parameter allows you to specify the SNMP V1 community name > that will be honored by SNMPAgent for read-write access. Knowing this > secret you are able to reset Radiator via SNMP. Defaults to nothing. > If you don't need resetting via SNMP use only ROCommunity. > > # only necessary for resetting via SNMP > RWCommunity extremelysecure > > 6.13.7 Managers > > This optional parameter specifies a list of SNMP managers that have > access to SNMPAgent. The value is a list of host names or addresses, > separated by white space or comma. You can have any number of Managers > lines. Defaults to nothing with all hosts allowed. > > # allowed SNMP managers > Managers foo.bar.edu 192.168.1.11, noc.rz.uni-ulm.de > Managers baz.bar.com,10.1.1.254 > > -------------------------------------------------------------------------- -- > > > > TODO: > Documentation should be rewritten by a native speaker :-( > > > Have fun with it. > > Regards > Charly Gaissmaier === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
