diff options
author | Ondrej Filip <feela@network.cz> | 2004-06-27 00:52:39 +0200 |
---|---|---|
committer | Ondrej Filip <feela@network.cz> | 2004-06-27 00:52:39 +0200 |
commit | ea357b8b6de387a55930a3fc831b8ccbcef24582 (patch) | |
tree | 3378c06c03ce2519398a55b34aa5d597a232a323 /doc | |
parent | 3e2bd0f17aab3d2bd460d5f7aef4d3bc152ea1ab (diff) | |
download | bird-ea357b8b6de387a55930a3fc831b8ccbcef24582.tar bird-ea357b8b6de387a55930a3fc831b8ccbcef24582.zip |
Update of the documentation. (passwords and md5).
Option for md5 auth in config.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bird.sgml | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml index 00b449d..a25d8b7 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -1029,6 +1029,15 @@ protocol ospf <name> { strict nonbroadcast <switch>; authentication [none|simple]; password "<text>"; + passwords { + password "<text>" { + id <num>; + generate from <date>; + generate to <date>; + accept from <date>; + accept to <date>; + }; + }; neighbors { <ip>; <ip> eligible; @@ -1143,8 +1152,30 @@ protocol ospf <name> { lacking this password are ignored. This authentication mechanism is very weak. + <tag>authentication cryptographic</tag> + 16-byte long md5 digest is appended to every packet. For the digest + generation 16-byte long passwords are used. Those passwords are + not sent via network, so this mechanismus is quite secure. + Packets can still be read by an attacker. + <tag>password "<M>text</M>"</tag> - An 8-byte password used for authentication. + An 8-byte or 16-byte password used for authentication. + + <tag>id <M>num</M></tag> + ID of the password, (0-255). If it's not used, BIRD will choose + some automatically. + + <tag>generate from <M>date</M></tag> + The start time of the usage of the password for packet signing. + + <tag>generate to <M>date</M></tag> + The last time of the usage of the password for packet signing. + + <tag>accept from <M>date</M></tag> + The start time of the usage of the password for packet verification. + + <tag>accept to <M>date</M></tag> + The last time of the usage of the password for packet verification. <tag>neighbors { <m/set/ } </tag> A set of neighbors to which Hello messages on nonbroadcast networks |