[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: VACM - noaccess(6) error status

To: mibs@ops.ietf.org
Subject: RE: VACM - noaccess(6) error status
From: Randy Presuhn <rpresuhn@dorothy.bmc.com>
Date: Thu, 26 Sep 2002 17:51:14 -0700 (PDT)

Hi -

> Message-ID: <20020926230712.68889.qmail@web14201.mail.yahoo.com>
> Date: Thu, 26 Sep 2002 16:07:12 -0700 (PDT)
> From: chintan sheth <shethch@yahoo.com>
> Subject: RE: VACM - noaccess(6) error status
> To: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
> Cc: mibs@ops.ietf.org
> In-Reply-To: <A451D5E6F15FD211BABC0008C7FAD7BC0EFFE5F1@nl0006exch003u.nl.lucent.com>
...
> If in VACM the isAccessAllowed() module returns
> 'notInView' error then the response-pdu should contain
> noAccess(6) or genError(5) as specified in RFC 2573.
...

It depends on the type of request.  If it's a SetRequest, per
RFC 1905 clause 4.2.5 (1), it'd be noAccess.  If a GetRequest,
then RFC 1905 clause 4.2.1 applies.  Whether it's 4.2.1(2) or
4.2.1(3) has been argued in the past; the consensus, I believe,
is noSuchObject.  See the thread in the snmpv3 WG archives
starting in February 1999 entitled "Authorization errors".

For additional historical discussion, see
ftp://amethyst.bmc.com/pub/snmpv3/Update567/rfc1905/issue1905-19.html

 ------------------------------------------------------
 Randy Presuhn          BMC Software, Inc.  SJC-1.3141
 randy_presuhn@bmc.com  2141 North First Street
 Tel: +1 408 546-1006   San José, California 95131  USA
 ------------------------------------------------------
 My opinions and BMC's are independent variables.
 ------------------------------------------------------

Prev by Date: RE: VACM - noaccess(6) error status
Next by Date: Re: Help/guidance on L2TPv3 MIB draft
Previous by thread: RE: VACM - noaccess(6) error status
Index(es):
- Date
- Thread