Re: Open LDAP and SNMP



Mark H. Wood wrote:
> On Sat, 5 Apr 2003, Michael Ströder wrote:
> [snip]
>
>> Personally I'm rather scared of security aspects with SNMP. But I'm not
>> really up-to-date with recent SNMP standardization/implementations.
>
> Security in SNMPv1 and v2 is a cruel joke. SNMPv3 has real cryptographic authentication and privacy. The greatest remaining problem in this area is that many, many products still haven't implemented v3.

That's pretty much exactly like I suspected the situation to be.

I'd definitely prefer OpenLDAP to have admin capabilities via LDAP instead of bloating the code with SNMP. LDAP access can be secured by LDAPS, LDAPI, StartTLS ext.op. and could rely on the security model already implemented and well-understood by the OpenLDAP developers.

Adding SNMP would introduce a new security model. People in favor of SNMP support should implement their own admin gateways to an upcoming LDAP-based administration interface.

Ciao, Michael.