Thanks Dave - that would make our configuration much easier. I had only
tested the "rocommunity" with a community string, didn't realize that
you could add a source [hey, Wendy, read all of the doc next time! ;-) ]

I've changed the IP table in my MIB since I sent it to the list, based
on the feedback about IP and MIB-II information (thanks again for that!)
- we're now returning some physical information (including MAC address,
only for a consistent way to identify the NIC), along with our
definition of 'operational status' and 'link status'. I've removed all
of the IP address information.

~ Wendy

Hope your chamber music "marathon" went well!

-----Original Message-----
From: Dave Shield []
Sent: Monday, January 21, 2008 6:53 AM
To: McGowen, Wendy
Subject: Re: General security usage question

> it would be much easier to set up the configuration mechanism for

> rocommunity
> than for the more robust (and secure) "community name mapped to

> name mapped to group name mapped to view mapped to access rights"
> method.

But that's exactly what "rocommunity" does.
It's just that all the processing is handled under the hood - you don't
the details unless you actually look at the VACM tables.

So what you really need to support are the two formats:


That would give you the two styles of access control that you've
mentioned, without having to worry about the complexity of the
full com2sec/group/view/access mechanism.


PS: No - I haven't forgotten about the MIB review I promised.
It's just been a busy couple of weeks!

This email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
Net-snmp-users mailing list
Please see the following page to unsubscribe or change other options: