Getting Started with the Java Dynamic Management Kit 4.2

Password Protection

Password-based protection restricts client access to agent applications. All HTTP-based communication provides login and password-based authentication, as does the SNMP protocol adaptor.

Password protection can be used to associate managers with a set of privileges that determine their access rights to agents. The user is free to implement whatever access policy is needed on top of the password authentication mechanism.

HTTP Connectors

Both HTTP and HTTPS connectors provide login and password-based authentication. The server component contains the list of allowed login identifiers and their passwords. Management applications must specify the login and password information in the address object when establishing a connection.

If the list of recognized clients is empty, no authentication is performed and access is granted to all clients; this is the default behavior.

HTML Protocol Adaptor

Since the HTML protocol adaptor relies on HTTP messaging, it also implements password protection. The agent application specifies the list of allowed login identifiers and their passwords when creating the HTML adaptor. When password protection is enabled in the HTML adaptor, the web browser usually displays a dialog box for users to enter their login and password.

In general, the security mechanisms of a protocol adaptor depend upon the security features of the underlying protocol. The ability to use a security mechanism also depends upon the functionality of the management console. If your web browser does not support the password dialog, you will not be able to access a password-protected HTML adaptor.

SNMP Access Control

SNMP defines an access control mechanism similar to password authentication. Lists of authorized manager hostnames are defined in an access control list (ACL) stored in an ACL file on the agent side. There are no passwords, but logical community names may be associated with authorized managers to define sets of allowed operations.

The SNMP adaptor will perform access control if an ACL file is defined. Because SNMP is a connectionless protocol, the manager host and community are verified with every incoming request. By default, the file is not loaded and any SNMP manager may send requests.

The ACL file is the default access control mechanism in the SNMP protocol adaptor. However, you may replace this default implementation with your own mechanism. For example, if your agent runs on a device with no file system, you could implement access control lists through a simple Java class.
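
The following is an added example, not code from the Java Dynamic Management Kit: a sketch of a file-less access control list held in a simple Java class, checking manager host, community and operation on every request and denying anything not listed. The class InMemorySnmpAcl, its methods and the sample communities and addresses are hypothetical; it does not implement the toolkit's own ACL interface, and wiring it into the SNMP adaptor is not shown. It assumes Java 16 or later.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical in-memory ACL; not a Java DMK class and not tied to its interfaces.
public class InMemorySnmpAcl {
    enum Access { READ_ONLY, READ_WRITE }

    // One ACL entry: the rights a community grants and the managers allowed to use it.
    record Entry(Access access, Set<InetAddress> managers) {}

    private final Map<String, Entry> entries = new HashMap<>();

    void allow(String community, Access access, String... managerAddrs)
            throws UnknownHostException {
        Set<InetAddress> managers = new HashSet<>();
        for (String addr : managerAddrs) {
            managers.add(InetAddress.getByName(addr)); // IP literals: no DNS lookup
        }
        entries.put(community, new Entry(access, Set.copyOf(managers)));
    }

    // Evaluated for every incoming request: SNMP is connectionless, so there is
    // no session in which a manager could be verified once and then trusted.
    boolean permits(InetAddress manager, String community, boolean isWrite) {
        Entry e = entries.get(community);
        if (e == null || !e.managers().contains(manager)) {
            return false; // unknown community or unlisted host: deny
        }
        return !isWrite || e.access() == Access.READ_WRITE;
    }

    public static void main(String[] args) throws UnknownHostException {
        InMemorySnmpAcl acl = new InMemorySnmpAcl();
        // Constructed sample entries using documentation address ranges.
        acl.allow("monitoring", Access.READ_ONLY, "192.0.2.10", "192.0.2.11");
        acl.allow("operations", Access.READ_WRITE, "192.0.2.20");

        InetAddress monitor = InetAddress.getByName("192.0.2.10");
        InetAddress unlisted = InetAddress.getByName("198.51.100.7");
        System.out.println("listed host, read:   " + acl.permits(monitor, "monitoring", false));
        System.out.println("listed host, write:  " + acl.permits(monitor, "monitoring", true));
        System.out.println("wrong community:     " + acl.permits(monitor, "operations", true));
        System.out.println("unlisted host, read: " + acl.permits(unlisted, "monitoring", false));
    }
}
```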