RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?

["Blumenthal, Uri" <uri.blumenthal at intel.com>]

>> Consider a public facility (maybe a library) that has free
>> network access. Consider management applications that could
>> be used to determine the availability of some resource
>> (such as a printer). In this situation, it would be
>> impractical to give each user a unique identity so
>> that they could use SNMP to determine the status
>> of the printers. If the identities of the printers
>> were not authenticated (or the communication not
>> integrity checked) then someone could fake that
>> a printer was unavailable so that they could
>> have exclusive access.
>
>The much simpler approach is to give the printer-monitoring
>application installed on the public computers its own credentials -
>the application is mapped to a securityName, and the application is
>allowed to see specific portions of the SNMP data. 

I agree with Dave Perkins here. "Semi-anonymous" access (where the
server is authenticated to an anonymous client) has its merits, and is
useful for SNMP; for monitoring and not management.

>Human users have anonymous access to the application, which has access
>to the SNMP data and would presumably interpret the data and display
>the interpretation in a form suitable for human consumption.

IMHO this is possible but impractical, at least much less practical than
what Dave P. outlined.

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms