RE: VACM - noaccess(6) error status

["Wijnen, Bert (Bert)" <bwijnen@lucent.com>]

> hi,
> 
> An SNMPv3 agent which implements VACM has for eg.
> "systems" group of MIB-II configured to be accessed
> only by a user that implements authentication and
> privacy.
I doubt that it is "implemented" that way.
Rather, the agent may have been "configured" that way.

> My question is suppose an unauthorized user
> tries to access any mib object under "systems" group
> using invalid context-name, invalid view-name, invalid
> group name etc. then for all such attempts will the
> error-status "noAccess(6)" be returned or it will be
> something else. Though i saw error conventions like
> notInView, noSuchContext, noGroupName etc. in RFC
> 2575, i didnt find any error-status definitions like
> noaccess(6) anywhere. 
> 
> Can someone clear my doubt related to this??
> 
For example take the invalid contextName.

- Sect 3.2 item 1) in RFC2575 tells the code to return a
  noSuchContext error to the calling function.
- The calling function setp 5) in section 3.2 of RFC2573
  and it then (on page 12) states:
     -  If the isAccessAllowed ASI returns a noSuchContext error,
        processing of the management operation is halted, no result PDU
        is generated, the snmpUnknownContexts counter is incremented,
        and control is passed to step (6) below.
- That step 6 then results in a reportPDU being returned to the
  originator of the SNMP message (i.e. a Command Generator) and
  so it knows about a noSuchContext error.

Hope this helps you to find the paths for the other errors
you suggested.

Bert
> thx,
> 
> chintan
> 
> __________________________________________________
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
> http://sbc.yahoo.com
>