Configuration and Proxying With JDMK

In Sun systems where both JDMK and the SMA are present, the SMA by default resides on port 161. JDMK agents can publish their SNMP MIBs by being proxied from the SMA. Proxying can be set up using the proxy forwarding mechanism within the SMA. See Example 3–1.

Security must to be handled by the master agent, which is the SMA, and by the proxied JDMK agent. Security parameters that are contained in the proxy definition are forwarded to the proxied JDMK agent. If the request passes the SMA authentication and authorization and is forwarded to its proxy handler, then the dispatched request is proxied to the JDMK agent. The JDMK agent has its own local datastore that authorizes or rejects the message.

If several JDMK agents have the same MIB, SNMP contexts must be used in conjunction with proxying to differentiate between different instances of the same MIB. The context name can be based on the process ID. Alternatively, the context name can be based on the port on which the JDMK agent is running.

Example 3–1 Adding a JDMK Proxy Statement

Incoming requests for the JDMK agent can be received by the System Management Agent and then proxied to the JDMK agent. Set JDMK proxy entries using the proxy token in the main snmpd.conf configuration file. Add a proxy statement, such as the following:

# proxy --Cn jdmkMib -v3 -a MD5 -u
 SecureUser -l authNopriv -A 12345678 localhost:10161  1.3.6.1.4.1.42.5000.2

In this example, a MIB is running on port 10161 and registers the MIB region 1.3.6.1.4.1.42.5000 under the context jdmkMib. The user, who is named SecureUser, must also exist in the JDMK USM. The SecureUser user must allow a security level of auth with HMACMD5 as the authentication algorithm. For more information on authentication algorithms, see Authentication Protocol Algorithms.

See the snmpd.conf(4) man page for more information. For more information about how proxying is set up, see Proxy Handling for Solstice Enterprise Agents Requests.