[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: architecture and security
HI,
Consider ifNumber. If a device has, say, 4 interfaces,
but only a single one allows access to management info,
then it appears that the management info is incorrect,
since ifNumber will be 4 but only one interface is
in the table.
If you go through all MIB modules and try to set up
VACM so that a limited set of info is available, then
you will most likely end up with a set of management
info that is accessible that appears is coming
from a broken SNMP agent.
You have to go through each on a case by case bases.
On Mon, 10 Apr 2006, Randy Presuhn wrote:
> Hi -
>
> > From: "David T. Perkins" <dperkins@dsperkins.com>
> > To: "Randy Presuhn" <randy_presuhn@mindspring.com>
> > Cc: "Netconf (E-mail)" <netconf@ops.ietf.org>
> > Sent: Monday, April 10, 2006 11:34 AM
> > Subject: Re: architecture and security
> ...
> > Given the desire "to make part of management information
> > such as that for a single interface available to users
> > of that part and not to other users", SNMPv3 attempts
> > to do this via setting up VACM authorization rules.
> > The result is an inconsistent set of management info.
> ...
>
> How so?
>
> Randy
Regards,
/david t. perkins
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>