How to generate the usmUserAuthKey and usmUserPrivKey based on engine id, authPassword and privPassword

Pooja · January 18, 2017, 8:36am

how to generate the usmUserAuthKey and usmUserPrivKey based on engine id, authPassword and privPassword in confd

josephm · January 18, 2017, 9:45am

Hello,

i’m not sure what you’re asking specifically - whether how to get the value (1),or how to get it inside confd (2)…

(1)
Process of localizing the password + engine-id to localized key is described with some C code examples in RFC 3414.
See e.g. section “A.2.2. Password to Key Sample Code for SHA”. Section A.3 in RFC then gives some examples with input password/engine-id and output localized key values…

(2)
The yang model elements usmUserAuthKey/usmUserPrivKey need to store (depending on your config needs of course) the localized value (so that the SNMP agent behaves as expected) - so when you set these leaves via any interface to confd model, the value you want to set should be already localized…
This can vary depending on how the value get there - from other yang model via transformation - do the localization in transform callback; from some CLI command? do the localization in it’s callback… etc.

Pooja · January 18, 2017, 9:52am

One question. here snmpengineid used to generate the key is snmp client’s engine id or snmp agent’s engine id?

josephm · January 18, 2017, 10:31am

this depends on your specific deployment scenario - for local users you can use the agent’s engine-id, for remote users the corresponding engine-id’s specific to the user’s environment…