Update of the documentation. (passwords and md5).

Option for md5 auth in config.
This commit is contained in:
Ondrej Filip 2004-06-26 22:52:39 +00:00
parent 3e2bd0f17a
commit ea357b8b6d
2 changed files with 34 additions and 2 deletions

View file

@ -1029,6 +1029,15 @@ protocol ospf <name> {
strict nonbroadcast <switch>; strict nonbroadcast <switch>;
authentication [none|simple]; authentication [none|simple];
password "<text>"; password "<text>";
passwords {
password "<text>" {
id <num>;
generate from <date>;
generate to <date>;
accept from <date>;
accept to <date>;
};
};
neighbors { neighbors {
<ip>; <ip>;
<ip> eligible; <ip> eligible;
@ -1143,8 +1152,30 @@ protocol ospf <name> {
lacking this password are ignored. This authentication mechanism is lacking this password are ignored. This authentication mechanism is
very weak. very weak.
<tag>authentication cryptographic</tag>
16-byte long md5 digest is appended to every packet. For the digest
generation 16-byte long passwords are used. Those passwords are
not sent via network, so this mechanismus is quite secure.
Packets can still be read by an attacker.
<tag>password "<M>text</M>"</tag> <tag>password "<M>text</M>"</tag>
An 8-byte password used for authentication. An 8-byte or 16-byte password used for authentication.
<tag>id <M>num</M></tag>
ID of the password, (0-255). If it's not used, BIRD will choose
some automatically.
<tag>generate from <M>date</M></tag>
The start time of the usage of the password for packet signing.
<tag>generate to <M>date</M></tag>
The last time of the usage of the password for packet signing.
<tag>accept from <M>date</M></tag>
The start time of the usage of the password for packet verification.
<tag>accept to <M>date</M></tag>
The last time of the usage of the password for packet verification.
<tag>neighbors { <m/set/ } </tag> <tag>neighbors { <m/set/ } </tag>
A set of neighbors to which Hello messages on nonbroadcast networks A set of neighbors to which Hello messages on nonbroadcast networks

View file

@ -24,7 +24,7 @@ CF_DECLS
CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG) CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT) CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE) CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT) CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC)
CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK) CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
%type <t> opttext %type <t> opttext
@ -135,6 +135,7 @@ ospf_iface_item:
| NEIGHBORS '{' ipa_list '}' | NEIGHBORS '{' ipa_list '}'
| AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; } | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
| AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; } | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
| AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
| password_list {OSPF_PATT->passwords = $1; } | password_list {OSPF_PATT->passwords = $1; }
; ;