7 Replies Latest reply on Feb 15, 2017 7:01 PM by ctlswadmin

    SNMPv3 Credential Report

    sotherls

      NPM 12.0.1

       

      Need to create a report which shows what the SNMPv3 Username, Authentication method, password, Privileged method and password are.

       

      Used to be able to do prior to 12 before they encrypted it?

       

      This would be used by administrators to check how their nodes are configured.

       

      Ideas?

        • Re: SNMPv3 Credential Report
          ctlswadmin

          Hey Sotherls,

           

          Is it safe to assume that all of your passwords are the same based on username ? Or is this the reason for seeking this report to find password typos.

           

          If your passwords always match the username, you could do a sql case statement around the username. I can write you up a query if you'd like, or if you just need the tables. This info is found on the credential and CredentialProperty table.

          • Re: SNMPv3 Credential Report
            sotherls

            Found it using SDK.

            I was able to create the report

            • Re: SNMPv3 Credential Report
              rschroeder

              I was speaking with a SW SE this week about similar topics, and I was lamenting the lack of the ability to discover credentials used by NCM after version 7.3.  He said he's heard that complaint a lot, but that SW government customers required it to be removed due to security concerns, so I won't be surprised if the GUI, SQL, or SWQL can't display them.

               

              However, if someone DOES have the process, it would be worth learning if you'd be so kind as to share it.  Sometimes troubleshooting is nice to do knowing the exact phrases (password or snmp-v3) that things SHOULD be using, then comparing to what NCM is actually trying to use against them.

                • Re: SNMPv3 Credential Report
                  ctlswadmin

                  That explains why they moved away from plain text credential storage. I do think that higher tier organizations have the resources to manipulate their vendor products to fit their needs. We encrypted snmp credentials on 10.7 I believe, might have been an earlier version.