Can't poll PAM using SNMP v3
search cancel

Can't poll PAM using SNMP v3


Article ID: 15938


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


I am trying to obtain information from the CA PAM MIB using v3. I am running the following query:

snmpwalk -v 3 -u snmppoll -a SHA -A auth1234 -x DES -X priv1234 UCD-SNMP-MIB::memory 

But I am always getting:

Error in packet. 
Reason: authorizationError (access denied to that object) 

However, if I use

 snmpwalk -v 2c -c xcdgkpub UCD-SNMP-MIB::memory

This works

What is the correct syntax ?


Release: PAMDKT99500-2.8-Privileged Access Manager-NSX API PROXY


Each user has a name (called a securityName) an authentication type (authProtocol) and a privacy type (privProtocol) as well as associated keys for each of these (authKey and privKey).

Authentication is performed by using a users authKey to sign the message being sent. The authProtocol can be either MD5 or SHA at this time. authKeys (and privKeys) are generated from a passphrase that must be at least 8 characters in length.

Authentication is performed by using a users privKey to encrypt the data portion the message being sent. The privProtocol can only be DES at this time.

Messages can be be sent unauthenticated, authenticated, or authenticated and encrypted by setting the securityLevel to use. In this case, since we want to use both an authkey and a privkey we will specify the security level of the user as requiring authentication and encryption.

In this case we have specified the authorization and encryption but we have not specified the corresponding security level.

So the correct syntax would be:

snmpwalk -v 3 -u snmppoll -l AuthPriv -a SHA -A auth1234 -x AES -X priv1234 UCD-SNMP-MIB::memory

Note that the -a specifies the authorization protocol and -x the encryption protocol. SHA works well with AES, whereas -l specifies the security level