From e2ea9fef99392299d6291067522eef0d99e1714c Mon Sep 17 00:00:00 2001 From: paul Date: Mon, 11 Oct 2004 14:33:23 +0000 Subject: 2004-10-11 Paul Jakma * ospfd.texi: reformat the ospf md5 paragraph, add an additional way to work around bad clocks. --- doc/ChangeLog | 5 +++++ doc/ospfd.texi | 16 ++++++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/ChangeLog b/doc/ChangeLog index 625b2a74..7d1211c7 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2004-10-11 Paul Jakma + + * ospfd.texi: reformat the ospf md5 paragraph, add an additional + way to work around bad clocks. + 2004-10-03 Hasso Tepper * vtysh.1: Update vtysh man page to reflect changes in shell. Remove diff --git a/doc/ospfd.texi b/doc/ospfd.texi index 842dfcf4..aa66ce15 100644 --- a/doc/ospfd.texi +++ b/doc/ospfd.texi @@ -258,12 +258,16 @@ all OSPF packets are authenticated. @var{AUTH_KEY} has length up to 8 chars. @deffnx {Interface Command} {no ip ospf message-digest-key} {} Set OSPF authentication key to a cryptographic password. The cryptographic algorithm is MD5. KEYID identifies secret key used to create the message -digest. KEY is the actual message digest key up to 16 chars. Note that OSPF -MD5 authentication requires that time never go backwards, even across -resets, if ospfd is to be able to promptly reestabish adjacencies with it's -neighbours after restarts/reboots. The host should have system time be set -at boot from an external source (eg battery backed clock, NTP, etc.) if MD5 -authentication is to be expected to work reliably. +digest. KEY is the actual message digest key up to 16 chars. + +Note that OSPF MD5 authentication requires that time never go backwards +(correct time is not important, only that it never goes backwards), even +across resets, if ospfd is to be able to promptly reestabish adjacencies +with its neighbours after restarts/reboots. The host should have system +time be set at boot from an external source (eg battery backed clock, NTP, +etc.) or else the system clock should be periodically saved to non-volative +storage and restored at boot if MD5 authentication is to be expected to work +reliably. @end deffn @deffn {Interface Command} {ip ospf cost <1-65535>} {} -- cgit v1.2.1