[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: VACM - noaccess(6) error status

To: "Wijnen, Bert \(Bert\)" <bwijnen@lucent.com>
Subject: RE: VACM - noaccess(6) error status
From: chintan sheth <shethch@yahoo.com>
Date: Thu, 26 Sep 2002 16:07:12 -0700 (PDT)
Cc: mibs@ops.ietf.org
In-reply-to: <A451D5E6F15FD211BABC0008C7FAD7BC0EFFE5F1@nl0006exch003u.nl.lucent.com>

Hi Bert,

If in VACM the isAccessAllowed() module returns
'notInView' error then the response-pdu should contain
noAccess(6) or genError(5) as specified in RFC 2573.

Just wanted to confirm this one more time.

thx,

chintan

--- "Wijnen, Bert (Bert)" <bwijnen@lucent.com> wrote:
> > hi,
> > 
> > An SNMPv3 agent which implements VACM has for eg.
> > "systems" group of MIB-II configured to be
> accessed
> > only by a user that implements authentication and
> > privacy.
> I doubt that it is "implemented" that way.
> Rather, the agent may have been "configured" that
> way.
> 
> > My question is suppose an unauthorized user
> > tries to access any mib object under "systems"
> group
> > using invalid context-name, invalid view-name,
> invalid
> > group name etc. then for all such attempts will
> the
> > error-status "noAccess(6)" be returned or it will
> be
> > something else. Though i saw error conventions
> like
> > notInView, noSuchContext, noGroupName etc. in RFC
> > 2575, i didnt find any error-status definitions
> like
> > noaccess(6) anywhere. 
> > 
> > Can someone clear my doubt related to this??
> > 
> For example take the invalid contextName.
> 
> - Sect 3.2 item 1) in RFC2575 tells the code to
> return a
>   noSuchContext error to the calling function.
> - The calling function setp 5) in section 3.2 of
> RFC2573
>   and it then (on page 12) states:
>      -  If the isAccessAllowed ASI returns a
> noSuchContext error,
>         processing of the management operation is
> halted, no result PDU
>         is generated, the snmpUnknownContexts
> counter is incremented,
>         and control is passed to step (6) below.
> - That step 6 then results in a reportPDU being
> returned to the
>   originator of the SNMP message (i.e. a Command
> Generator) and
>   so it knows about a noSuchContext error.
> 
> Hope this helps you to find the paths for the other
> errors
> you suggested.
> 
> Bert
> > thx,
> > 
> > chintan
> > 
> > __________________________________________________
> > Do you Yahoo!?
> > New DSL Internet Access from SBC & Yahoo!
> > http://sbc.yahoo.com
> > 
> 


___

References:
- RE: VACM - noaccess(6) error status
  - From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>

Prev by Date: RE: VACM - noaccess(6) error status
Next by Date: RE: VACM - noaccess(6) error status
Previous by thread: RE: VACM - noaccess(6) error status
Next by thread: RE: VACM - noaccess(6) error status
Index(es):
- Date
- Thread