glenn@ircache.net said:
> While looking at the current implementation of SNMP in squid I have
> encountered a number of things that I would like some consensus on.
>
> The first is the use of ACLs in the SNMP configuration. My current
> preference would be to drop this feature totally and rely upon the
> use of community strings. This would reduce complexity and make the
> code considerably cleaner. Giving a config of:
>
> snmp_port 3401
>
> snmp_agent_conf community mysecretcommunity
>
Well I would oppose this - for 2 reasons:
i) VACM (View based Access Control Model) is in forthcoming SNMP v3 -
admittedly the ACLs do not quite match up with new ones (based on UCD-SNMP
config experiences) - are they SNMP v2p based?
ii) Secondly they do provide a useful security mechanism to restrict access.
How would this be done without the ACLs?
I can see it would be nice to have a default config to make life simple, but
please do not throw away access control.
> The second would be to drop the ability for squid to forward SNMP.
>
I do not quite understand - is this to act as a sub-agent (as in agentX)? But
then I can find no mention of this in the FAQ - so what I do not know about I
will not miss!
> As part of these changes squid will no longer require the ability to
> read the mib file to startup. The library has been upgraded to remove
> a number of bugs and I will look at SNMP v2 support. These changes
> should also improve the startup time.
>
This should now be SNMP v3 - which is approaching standardisation - or may be
SNMP v2c - be careful as there is the failed SNMP v2 party model.
[SNIP]
>
> glenn
--
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne@brunel.ac.uk   +44 1895 274000 x2561   UK              |
-----------------------------------------------------------------------------

Received on Mon Oct 12 1998 - 09:35:20 MDT