Hi Herbert,
Nways Manager doesn't care for UNIX or NetView logins. So anyone who can
log into NetView can start the Nways Manager and configure IBM devices.
NetView doesn't support per-user communities either. So every NetView user
has the same read- and write-communities.
A way to disable the Nways Manager to non authorized users is to modify
Nways Manager registration files that start Nways Manager processes. Deny
read-access to the Nways registration files for these users.
Herbert Kinzler <herbert.kinzler@BASF-C-S.DE> am 29.06.98 17:26:52
Bitte antworten an Discussion of IBM NetView and POLYCENTER Manager on
NetView et alia <NV-L@UCSBVM.UCSB.EDU>
An: NV-L@UCSBVM.UCSB.EDU
Kopie: (Blindkopie: Jürgen Strittmatter/Infra CS)
Thema: SNMP Setup / Netview Security
Hi there,
we are using Netview/6000 4.1 and Nways Campus Manager to manage
several 8270, 2216 etc.
At the devices we have defined two communities:
user (read-only) and superuser (read-write).
In NV6000 we defined also both, user and superuser. But only superuser
was defined in the SNMP Config.
with 'Set Community'.
We have also Netview Security activ, here we defined also two users:
user and superuser.
The userid 'user' belongs to the group 'Oper', this group should not
be able to reset the 8270 via the
Nways Device Management Submap (PSM).
But it seems that NV uses always the community with the 'set
community' attribute on - regardles of the
NV6000 userid (and there predefined rights).
Our goal is that no NV6000 user, which belongs to group 'Oper', is
able to reset any device or interface
via NV6000 or Nways Campus Manager.
Thanks in advance,
Herbert Kinzler
BCS/NET
Mit freundlichen Grüßen
Jürgen Strittmatter / js , GS KA
Neef Elektrotechnik GmbH & Co.
Systemhaus für Gebäude- und Kommunikationstechnik
Unternehmen der Sulzer Infra
Windeckstrasse 9 76135 Karlsruhe
Tel: 0721/8606-233
E-Mail/Internet: Juergen_Strittmatter @neef.de
Notes: Jürgen Strittmatter/Infra CS @SULZERINFRA
|