Hi,

On Wed, Jul 18, 2012 at 4:16 PM, Gerhard Roth <gerhard_r...@genua.de> wrote:
> thanks for your thorough inspection of my code. I really appreciate this.
> Please find my answers inline below. Hope I didn't miss one.
>

Your latest diff looks good! I will test and have another look at the
diff and implementation details tomorrow or on Friday.

>> But... you should work with Markus to get SNMP over OpenSSH working
>> ;-) (eg. RFC 5592).
>
>
> In fact we thought about this. But then, are there any SNMP management
> stations in the field that support this transport module?
>

I have no idea. Well, the question is if there are any stations with
TSM support yet. AFAIK, TSM was defined with either SSH or DTLS by
Cisco. So maybe Cisco is using it in some of their products? Maybe
net-snmp.

>
>> Defining users in snmpd.conf(5) is fine, just as I did it for iked
>> with iked.conf(5). But it reminds me that we should have a common
>> possibility to connect all these daemons (iked, snmpd, npppd, ...) to
>> an authentication backend like radius or LDAP. It would be nice to
>> have a little radius/ldap client library (or just static .c-files)
>> that can be used by all of them.
>
>
> Maybe port OpenPAM to OpenBSD? ;)
>

My experience is that you can scare people with the word "PAM" ;-)
Even if it's Open, but maybe I'm wrong, I haven't looked at it for a
long time.

>> I see that these are standard SNMPv3 terms but isn't there a way to
>> find a better grammar for snmpd.conf(5)?
>
>
> Fine with me. I'm not a fan of CamelCase either. Just thought that using
> the terms from the RFC would make this easier to understand and match.
>
>
> How about:
>         noAuthNoPriv    -> none
>         authNoPriv      -> auth
>         authPriv        -> encr
>

Is there a better alternative for "encr"? Maybe just "enc" (I know it
would complicate the grammar because it's a reserved keyword) or
something more abstract like "high" or "all"?

>> SNMPv3 is relatively hard to configure - at least in other SNMP
>> implementations - we should make it easier!
>
>
> No problem. I added a little bit more explanation now.
> Just tell me what you think of it.
>

Yes, your manpage bits are better now. Thanks. Maybe you'll get more
comments from jmc@, he always helped me a lot with improving the
manpages.

Reyk
