summaryrefslogtreecommitdiff
path: root/doc/bird.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/bird.sgml')
-rw-r--r--doc/bird.sgml33
1 files changed, 32 insertions, 1 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index 00b449da..a25d8b78 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1029,6 +1029,15 @@ protocol ospf <name> {
strict nonbroadcast <switch>;
authentication [none|simple];
password "<text>";
+ passwords {
+ password "<text>" {
+ id <num>;
+ generate from <date>;
+ generate to <date>;
+ accept from <date>;
+ accept to <date>;
+ };
+ };
neighbors {
<ip>;
<ip> eligible;
@@ -1143,8 +1152,30 @@ protocol ospf <name> {
lacking this password are ignored. This authentication mechanism is
very weak.
+ <tag>authentication cryptographic</tag>
+ 16-byte long md5 digest is appended to every packet. For the digest
+ generation 16-byte long passwords are used. Those passwords are
+ not sent via network, so this mechanismus is quite secure.
+ Packets can still be read by an attacker.
+
<tag>password "<M>text</M>"</tag>
- An 8-byte password used for authentication.
+ An 8-byte or 16-byte password used for authentication.
+
+ <tag>id <M>num</M></tag>
+ ID of the password, (0-255). If it's not used, BIRD will choose
+ some automatically.
+
+ <tag>generate from <M>date</M></tag>
+ The start time of the usage of the password for packet signing.
+
+ <tag>generate to <M>date</M></tag>
+ The last time of the usage of the password for packet signing.
+
+ <tag>accept from <M>date</M></tag>
+ The start time of the usage of the password for packet verification.
+
+ <tag>accept to <M>date</M></tag>
+ The last time of the usage of the password for packet verification.
<tag>neighbors { <m/set/ } </tag>
A set of neighbors to which Hello messages on nonbroadcast networks