[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: MIB
Spence, I am cc:-ing the mibs mailing list so that other MIB experts
can jump in if needed/wanted.
I think that from RFC2578, I must conclude that you can indeed
specify a MAX-ACCESS of read-write and then specify that under
certain circumstances, the access will only be read-only. After all
a MAX-ACCESS specifies the maximum access that makes sense,
and it does not mean that such access must always be provided.
However, it also seems to me that the most proper place to
specify this is in a MODULE-COMPLIANCE statement, using a
MIN-ACCESS clause where you can list under what circumstances
or why a MIN-ACCESS of less than MAX-ACCESS should be
used.
However... it seems to me that the reason you list below is
not a proper reason to make something a MIN-ACCESS of read-only.
In my view, you would use the VACM table (can also be used with
SNMPv1, see RFC2576) to exlcude access without proper
authentication and/or privqacy.
Bert
> ----------
> From:
> Spencer.Giacalone@predictive.com[SMTP:Spencer.Giacalone@predictive.com]
> Sent: Friday, June 02, 2000 3:07 PM
> To: Wijnen, Bert (Bert)
> Cc: RJ Atkinson; djoyal@nortelnetworks.com
> Subject: MIB
>
>
> Bert,
>
> Is there a problem if you have a MIB object with MAX-ACCESS of read-write,
> but in the description you write that under certain scenarios the object
> should be read only? I tend to think this implies an illegal change of the
> object, although I am probably wrong. Please see example.
>
> Thanks,
>
> Spence
>
>
> "If the SNMP agent associated with a system implementing OSPF
> does
> not fully comply with SNMPv3 specifications (including full
> implementation of cryptographic authentication), that SNMP agent
> MUST handle this object as having a MAX-ACCESS value of read-only
> because of security risks."
>
>
>
>