Update of the documentation. (passwords and md5).
Option for md5 auth in config.
This commit is contained in:
parent
3e2bd0f17a
commit
ea357b8b6d
2 changed files with 34 additions and 2 deletions
|
@ -1029,6 +1029,15 @@ protocol ospf <name> {
|
|||
strict nonbroadcast <switch>;
|
||||
authentication [none|simple];
|
||||
password "<text>";
|
||||
passwords {
|
||||
password "<text>" {
|
||||
id <num>;
|
||||
generate from <date>;
|
||||
generate to <date>;
|
||||
accept from <date>;
|
||||
accept to <date>;
|
||||
};
|
||||
};
|
||||
neighbors {
|
||||
<ip>;
|
||||
<ip> eligible;
|
||||
|
@ -1143,8 +1152,30 @@ protocol ospf <name> {
|
|||
lacking this password are ignored. This authentication mechanism is
|
||||
very weak.
|
||||
|
||||
<tag>authentication cryptographic</tag>
|
||||
16-byte long md5 digest is appended to every packet. For the digest
|
||||
generation 16-byte long passwords are used. Those passwords are
|
||||
not sent via network, so this mechanismus is quite secure.
|
||||
Packets can still be read by an attacker.
|
||||
|
||||
<tag>password "<M>text</M>"</tag>
|
||||
An 8-byte password used for authentication.
|
||||
An 8-byte or 16-byte password used for authentication.
|
||||
|
||||
<tag>id <M>num</M></tag>
|
||||
ID of the password, (0-255). If it's not used, BIRD will choose
|
||||
some automatically.
|
||||
|
||||
<tag>generate from <M>date</M></tag>
|
||||
The start time of the usage of the password for packet signing.
|
||||
|
||||
<tag>generate to <M>date</M></tag>
|
||||
The last time of the usage of the password for packet signing.
|
||||
|
||||
<tag>accept from <M>date</M></tag>
|
||||
The start time of the usage of the password for packet verification.
|
||||
|
||||
<tag>accept to <M>date</M></tag>
|
||||
The last time of the usage of the password for packet verification.
|
||||
|
||||
<tag>neighbors { <m/set/ } </tag>
|
||||
A set of neighbors to which Hello messages on nonbroadcast networks
|
||||
|
|
|
@ -24,7 +24,7 @@ CF_DECLS
|
|||
CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
|
||||
CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
|
||||
CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
|
||||
CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT)
|
||||
CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC)
|
||||
CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
|
||||
|
||||
%type <t> opttext
|
||||
|
@ -135,6 +135,7 @@ ospf_iface_item:
|
|||
| NEIGHBORS '{' ipa_list '}'
|
||||
| AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
|
||||
| AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
|
||||
| AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
|
||||
| password_list {OSPF_PATT->passwords = $1; }
|
||||
;
|
||||
|
||||
|
|
Loading…
Reference in a new issue