Thanks Dave - that would make our configuration much easier. I had only
tested the "rocommunity" with a community string, didn't realize that
you could add a source [hey, Wendy, read all of the doc next time! ;-) ]

I've changed the IP table in my MIB since I sent it to the list, based
on the feedback about IP and MIB-II information (thanks again for that!)
- we're now returning some physical information (including MAC address,
only for a consistent way to identify the NIC), along with our
definition of 'operational status' and 'link status'. I've removed all
of the IP address information.

~ Wendy

Hope your chamber music "marathon" went well!

-----Original Message-----
From: Dave Shield [mailto.T.Shield@liverpool.ac.uk]
Sent: Monday, January 21, 2008 6:53 AM
To: McGowen, Wendy
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: General security usage question



> it would be much easier to set up the configuration mechanism for

this:
> rocommunity
> than for the more robust (and secure) "community name mapped to

security
> name mapped to group name mapped to view mapped to access rights"
> method.


But that's exactly what "rocommunity" does.
It's just that all the processing is handled under the hood - you don't
see
the details unless you actually look at the VACM tables.

So what you really need to support are the two formats:

rocommunity
and
rocommunity

That would give you the two styles of access control that you've
mentioned, without having to worry about the complexity of the
full com2sec/group/view/access mechanism.

Dave

PS: No - I haven't forgotten about the MIB review I promised.
It's just been a busy couple of weeks!

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/...net-snmp-users