RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?

["Salowey, Joe" <jsalowey at cisco.com>]

Since it seems like we are talking about unauthenticated access I see
this as more of an operational issue than something that would require
much, if any, protocol specification.  If unauthenticated access is
really required then operational conventions can be developed to support
this within the current authentication framework of SSH.  


David B Harrington wrote:
> This approach is already being used by NMS systems today. I
> don't see why it would be impractical.
> 
> 
> 
>> -----Original Message-----
>> From: isms-bounces at lists.ietf.org
>> [mailto:isms-bounces at lists.ietf.org] On Behalf Of Blumenthal, Uri
>> Sent: Friday, October 21, 2005 9:08 AM
>> To: isms at ietf.org
>> Subject: RE: [Isms] #1: is it important to support anonymous user
>> accesstoSNMP? 
>> 
>>>> Consider a public facility (maybe a library) that has free network
>>>> access. Consider management applications that could be used to
>>>> determine the availability of some resource (such as a printer). In
>>>> this situation, it would be impractical to give each user a unique
>>>> identity so that they could use SNMP to determine the status of the
>>>> printers. If the identities of the printers were not authenticated
>>>> (or the communication not integrity checked) then someone could
>>>> fake that a printer was unavailable so that they could have
>>>> exclusive access.
>>> 
>>> The much simpler approach is to give the printer-monitoring
>>> application installed on the public computers its own credentials -
>>> the application is mapped to a securityName, and the application is
>>> allowed to see specific portions of the SNMP data.
>> 
>> I agree with Dave Perkins here. "Semi-anonymous" access (where the
>> server is authenticated to an anonymous client) has its merits, and
>> is useful for SNMP; for monitoring and not management.
>> 
>>> Human users have anonymous access to the application, which has
>>> access to the SNMP data and would presumably interpret the data and
>>> display the interpretation in a form suitable for human consumption.
>> 
>> IMHO this is possible but impractical, at least much less practical
>> than what Dave P. outlined. 
>> 
>> _______________________________________________
>> Isms mailing list
>> Isms at lists.ietf.org
>> https://www1.ietf.org/mailman/listinfo/isms
>> 
> 
> 
> 
> _______________________________________________
> Isms mailing list
> Isms at lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/isms

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms