USM as global creds storage

Hello,

I have one Snmp object for the whole application to send request to different v3 devices.
USM is set only once:

OctetString engineId = new OctetString(MPv3.createLocalEngineID());
USM usm = new USM(securityProtocols, engineId, 0);

During every v3 request (GET/WALK) I prepare new UsmUser and add it to the USM’s users table:

UsmUser usmUser = new UsmUser(octetUser, authProtocolOid, octetAuthPass, privProtocolOid, octetPrivPass);
snmp.getUSM().addUser(usmUser);

There are some doubts from my side:

  1. Is add method works correct if different devices have the same username but different protocols/passes? Or it override map items by username every time?
  2. How I can correctly delete previous usmUser if credentials is changed on device (don’t want to collect unused creds in memory)?

Thank you in advance.

Please use localised USM user when possible to avoid clashes of users with the same name but different protocols and passphrases on different systems:

Using the new DirectUserTarget (SNMP4J 3.8.2) is very easy and you do not need to deal with the USM for handling authentication and privacy keys and protocols.

Hello,

Does snmp.discoverAuthoritativeEngineID(target.getAddress(), target.getTimeout()) not only return engineId for current target, but also add it to core engineIds table?

Because if it not, how does get/walk request understand that set target is known and creds (to it) are known inside Snmp object?

Regards.

It does not (like ping does not use any authentication or privacy). It simply checks if the agent is there and responding and if in theory SNMPv3 can be used (anything else should be used in production anyway).

Hello,

Am I understand correct, that if we have DirectUserTarget based on engineID = snmp.discoverAuthoritativeEngineID(address, timeout) we don’t need additional step “prepareUsmLocalizedUser” at all, cause DirectUserTarget does all under the stage?

Regards.

Yes, that is correct.
See also the fluent example on snmp4j.org main page. It is using the DirectUserTarget internally too.

Thanks for info above.

If we speak about SNMPv3 “context”, does UserTarget can store it somehow or only PDU should?

Regards.

Only the ScopedPDU stores context information.