In the 5.2.1 source code
(usmDHUserKeyTable/usmDHUserKeyTable_data_?et.c), I noticed that
DH_generate_key() is called for both get & set requests on


Does it imply that the Agent (5.2.1) supports RFC 2786 (summary
given below) but the snmpusm command line tool (which sends only
GET and SET, not SET, GET, SET) does not?

If I change apps/snmpusm.c to do a set on usmUserTable, followed
by a get for the published keys and then the final set as described in
RFC 2786, will that be the proper key change with the 5.2.1 agent?


-----Original Message-----
From: SANTHOSH S (WT01 - Broadband Networks)
Sent: Thursday, February 22, 2007 11:17 AM
To: 'Wes Hardaker'
Cc: D.T.Shield@csc.liv.ac.uk; net-snmp-coders@lists.sourceforge.net;
'Dave Shield'
Subject: RE: Sharing modifications done in Net-SNMP source

Wes Hardaker,

From RFC2786 section 2.1, I understood that the EMS should send a SET
request on usmUserTable / usmDHUserKeyTable to trigger the key change;
upon receiving the request, the Agent will generate the random number and
derive the DH public key, which is published in the associated MIB.

The Manager should read the published keys through a GET request.

The Manager should generate a random number and derive the DH public key.
Then the Manager should send a SET request with both (agent's & manager's -
concatenated) DH public keys.

As per the above flow, the requests that need to be transmitted for a
key change are SET, GET followed by SET. But when I trace the agent logs
in 5.2.1 for the snmpusm key change command, I noticed that only GET & SET
requests are sent from the Manager to the Agent. Please find attached the get & set
request details. The first SET request is missing / I am not able to
trace this. Please let me know if I missed something.

I hope the first SET request for the key change needs to be taken
care of in 5.2.1.


-----Original Message-----
From: Wes Hardaker [mailto:hardaker@users.sourceforge.net]
Sent: Thursday, February 22, 2007 4:04 AM
To: SANTHOSH S (WT01 - Broadband Networks)
Cc: D.T.Shield@csc.liv.ac.uk; net-snmp-coders@lists.sourceforge.net
Subject: Re: Sharing modifications done in Net-SNMP source

>>>>> "ss" == santhosh sundarasamy


ss> We are trying to do the modification in the USM implementation to
ss> support rfc2786 in version 5.2.1. Once it is done, I will let you know.

Um... Version 5.2 already supports that RFC.

BTW, also: many people submit patches back because it's more likely
that they'll stay maintained in the code base and you won't have to
port them from release to release (IE, in the end it's cheaper).
Wes Hardaker
Sparta, Inc.
