From 4fc7085cfa36103b491aec130346f1a632187849 Mon Sep 17 00:00:00 2001 From: paul Date: Sun, 12 Sep 2004 05:48:35 +0000 Subject: 2004-09-11 Paul Jakma * ospfd.texi: OSPF MD5 auth requires stable time. --- doc/ChangeLog | 4 ++++ doc/ospfd.texi | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/ChangeLog b/doc/ChangeLog index 97dddece..243ff96c 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2004-09-11 Paul Jakma + + * ospfd.texi: OSPF MD5 auth requires stable time. + 2004-08-31 Hasso Tepper * zebra.8: Document -s/--nl-bufsize command line switch. diff --git a/doc/ospfd.texi b/doc/ospfd.texi index 594845ca..842dfcf4 100644 --- a/doc/ospfd.texi +++ b/doc/ospfd.texi @@ -258,7 +258,12 @@ all OSPF packets are authenticated. @var{AUTH_KEY} has length up to 8 chars. @deffnx {Interface Command} {no ip ospf message-digest-key} {} Set OSPF authentication key to a cryptographic password. The cryptographic algorithm is MD5. KEYID identifies secret key used to create the message -digest. KEY is the actual message digest key up to 16 chars. +digest. KEY is the actual message digest key up to 16 chars. Note that OSPF +MD5 authentication requires that time never go backwards, even across +resets, if ospfd is to be able to promptly reestabish adjacencies with it's +neighbours after restarts/reboots. The host should have system time be set +at boot from an external source (eg battery backed clock, NTP, etc.) if MD5 +authentication is to be expected to work reliably. @end deffn @deffn {Interface Command} {ip ospf cost <1-65535>} {} -- cgit v1.2.1