RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?

["Kaushik Narayan \(kaushik\)" <kaushik at cisco.com>]

 I really don't see any serious SNMP use cases that might require
anonymous user support. I completely agree with David here, we should
use capabilities from SSH based on what's needed for SNMP.

-----Original Message-----
From: isms-bounces at lists.ietf.org [mailto:isms-bounces at lists.ietf.org]
On Behalf Of Sam Hartman
Sent: Monday, October 24, 2005 3:16 PM
To: ietfdbh at comcast.net
Cc: isms at ietf.org
Subject: Re: [Isms] #1: is it important to support anonymous user
accesstoSNMP?

>>>>> "David" == David B Harrington <ietfdbh at comcast.net> writes:


    David> Personally, rather than seeing support for a wide variety
    David> of authentication alternatives, I'd like to see us support
    David> the widely-deployed SSH authentication mechanisms that
    David> serve SNMP needs. I am willing to accept that we should
    David> support any authentication mechanism REQUIRED or
    David> RECOMMENDED for use with the SecSH standard.

I think as a matter of architectural sanity you need to support any
authentication mechanism that works with the ssh protocol regardless of
whether it is recommended for use.

    David> Is anonymous SSH authentication supported by the secsh
    David> standards?

Sure.  Two ways.  The easiest is that the server simply returns success
when you start user authentication instead of giving you methods to
choose from.  I've also seen servers that offer keyboard-interactive and
when you select it simply return success.
The second is that you have some well known credential.

--Sam


_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms