Dave Shield wrote:
> It turns out that this change has also affected the default behaviour
> slightly. Up to now, these convenience directives have registered an
> entry in the vacmAccessTable with a prefix context match on "" - thus
> matching *ALL* contexts by default. Following my latest patches, the
> same directive would now register an *exact* context match on "" -
> thus applying to the default context only.
> I'm inclined to leave things as they stand - this feels a more secure
> arrangement, and is probably in line with default expectations. But
> it does result in a minor change in behaviour, so I wouldn't object if
> the consensus was to switch back to the previous, more open
> configuration.

One of the affected real-life scenarios is the management of snmptrapd's
usmUserTable as formalized in test #20 (which broke, but now has been
tweaked accordingly). I'm not sure it has seen wide-spread use other
than behind the curtains of the company I work for, though.


Thomas Anders (thomas.anders at blue-cable.de)

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
Net-snmp-coders mailing list