BGP and passwords
Ondrej Zajicek
santiago at crfreenet.org
Wed Aug 27 14:10:10 CEST 2025
On Wed, Aug 27, 2025 at 09:56:01AM +0100, Elmar K. Bins wrote:
> Hey Radu,
>
> rafeurdean at franceix.net (Radu-Adrian Feurdean) wrote:
>
> > On Linux (but that shouldn't change the option's syntax) we use:
> >
> > authentication md5; password "<REDACTED>";
>
> That works, thanks! Could simply not find that in the docs.
>
> I have a question for the devs - if it's the default, and people want to use
> the default, why do you need to put out warnings? Or can I switch that warning
> stuff off?
Hi
In the rest of BIRD, we use 'authentication' option to specify a method
of authentication, while the 'password' / 'key' options to set specific
keys.
In BGP, we used just 'password' option for MD5 auth, but now we also have
TCP-AO auth, which use 'keys' block with 'key' statements for specific
keys.
It is silly to distinguish auth method based on 'password' or 'key'
options, especially when in the rest of BIRD these keywords are treated
as synonyms, therefore we itroduced the 'authentication' option to BGP
to have explicit and consistent behavior, but we also keep (for now)
the old behavior of just setting the 'password', but it is encouraged
to use the explicit option, as this may change in the future.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list