diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bird.sgml | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml index 653e0bb5..1a5fbaff 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -1764,9 +1764,20 @@ using the following configuration parameters: only. Default: disabled. <tag>password <m/string/</tag> - Use this password for MD5 authentication of BGP sessions. Default: no - authentication. Password has to be set by external utility - (e.g. setkey(8)) on BSD systems. + Use this password for MD5 authentication of BGP sessions (RFC 2385). + When used on BSD systems, see also <cf/setkey/ option below. Default: + no authentication. + + <tag>setkey <m/switch/</tag> + On BSD systems, keys for TCP MD5 authentication are stored in the global + SA/SP database, which can be accessed by external utilities (e.g. + setkey(8)). BIRD configures security associations in the SA/SP database + automatically based on <cf/password/ options (see above), this option + allows to disable automatic updates by BIRD when manual configuration by + external utilities is preferred. Note that automatic SA/SP database + updates are currently implemented only for FreeBSD. Passwords have to be + set manually by an external utility on NetBSD and OpenBSD. Default: + enabled (ignored on non-FreeBSD). <tag>passive <m/switch/</tag> Standard BGP behavior is both initiating outgoing connections and |