diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bird.sgml | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml index 00b449da..a25d8b78 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -1029,6 +1029,15 @@ protocol ospf <name> { strict nonbroadcast <switch>; authentication [none|simple]; password "<text>"; + passwords { + password "<text>" { + id <num>; + generate from <date>; + generate to <date>; + accept from <date>; + accept to <date>; + }; + }; neighbors { <ip>; <ip> eligible; @@ -1143,8 +1152,30 @@ protocol ospf <name> { lacking this password are ignored. This authentication mechanism is very weak. + <tag>authentication cryptographic</tag> + 16-byte long md5 digest is appended to every packet. For the digest + generation 16-byte long passwords are used. Those passwords are + not sent via network, so this mechanismus is quite secure. + Packets can still be read by an attacker. + <tag>password "<M>text</M>"</tag> - An 8-byte password used for authentication. + An 8-byte or 16-byte password used for authentication. + + <tag>id <M>num</M></tag> + ID of the password, (0-255). If it's not used, BIRD will choose + some automatically. + + <tag>generate from <M>date</M></tag> + The start time of the usage of the password for packet signing. + + <tag>generate to <M>date</M></tag> + The last time of the usage of the password for packet signing. + + <tag>accept from <M>date</M></tag> + The start time of the usage of the password for packet verification. + + <tag>accept to <M>date</M></tag> + The last time of the usage of the password for packet verification. <tag>neighbors { <m/set/ } </tag> A set of neighbors to which Hello messages on nonbroadcast networks |