summaryrefslogtreecommitdiffstats
path: root/doc/bird.sgml
diff options
context:
space:
mode:
authorOndrej Filip <feela@network.cz>2004-06-27 00:52:39 +0200
committerOndrej Filip <feela@network.cz>2004-06-27 00:52:39 +0200
commitea357b8b6de387a55930a3fc831b8ccbcef24582 (patch)
tree3378c06c03ce2519398a55b34aa5d597a232a323 /doc/bird.sgml
parent3e2bd0f17aab3d2bd460d5f7aef4d3bc152ea1ab (diff)
downloadbird-ea357b8b6de387a55930a3fc831b8ccbcef24582.tar
bird-ea357b8b6de387a55930a3fc831b8ccbcef24582.zip
Update of the documentation. (passwords and md5).
Option for md5 auth in config.
Diffstat (limited to 'doc/bird.sgml')
-rw-r--r--doc/bird.sgml33
1 files changed, 32 insertions, 1 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index 00b449d..a25d8b7 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1029,6 +1029,15 @@ protocol ospf &lt;name&gt; {
strict nonbroadcast &lt;switch&gt;;
authentication [none|simple];
password "&lt;text&gt;";
+ passwords {
+ password "&lt;text&gt;" {
+ id &lt;num&gt;;
+ generate from &lt;date&gt;;
+ generate to &lt;date&gt;;
+ accept from &lt;date&gt;;
+ accept to &lt;date&gt;;
+ };
+ };
neighbors {
&lt;ip&gt;;
&lt;ip&gt; eligible;
@@ -1143,8 +1152,30 @@ protocol ospf &lt;name&gt; {
lacking this password are ignored. This authentication mechanism is
very weak.
+ <tag>authentication cryptographic</tag>
+ 16-byte long md5 digest is appended to every packet. For the digest
+ generation 16-byte long passwords are used. Those passwords are
+ not sent via network, so this mechanismus is quite secure.
+ Packets can still be read by an attacker.
+
<tag>password "<M>text</M>"</tag>
- An 8-byte password used for authentication.
+ An 8-byte or 16-byte password used for authentication.
+
+ <tag>id <M>num</M></tag>
+ ID of the password, (0-255). If it's not used, BIRD will choose
+ some automatically.
+
+ <tag>generate from <M>date</M></tag>
+ The start time of the usage of the password for packet signing.
+
+ <tag>generate to <M>date</M></tag>
+ The last time of the usage of the password for packet signing.
+
+ <tag>accept from <M>date</M></tag>
+ The start time of the usage of the password for packet verification.
+
+ <tag>accept to <M>date</M></tag>
+ The last time of the usage of the password for packet verification.
<tag>neighbors { <m/set/ } </tag>
A set of neighbors to which Hello messages on nonbroadcast networks