Encrypted Password Authentication

The CRYPT-PW authentication scheme uses an 8 bit UNIX crypt routine, which is also used for login passwords under UNIX. This routine provides a "trap door" function, the inverse of which is somewhat hard to calculate. The password provided by the user is encrypted with this function and stored in its encrypted form only. When the user later provides the password for authentication, the encryption is repeated and the results are compared. Since the original (plain-text) password cannot easily be computed from the encrypted version, the encrypted password does not have to be kept secret.

Changing A Maintainer Object To Use CRYPT-PW Instead of MAIL-FROM

A maintainer using MAIL-FROM for authentication should appear as follows:

   mntner:      MAINT-AS1234
   descr:       Company's Name
   admin-c:     AC1
   tech-c:      TC1
   upd-to:      admin@customer.com
   auth:        MAIL-FROM admin@customer.com
   notify:      admin@customer.com
   mnt-by:      MAINT-AS1234
   changed:     admin@customer.com 20010326
   source:      BBOI
Using a CRYPT-PW generator, create a crypt string using the plain-text password you plan to use. Change the "auth:" field to reflect the generated crypt string with the following syntax:
   mntner:      MAINT-AS1234
   descr:       Company's Name
   admin-c:     AC1
   tech-c:      TC1
   upd-to:      admin@customer.com
   auth:        CRYPT-PW cHJ3DBc2Y4Oj6
   notify:      admin@customer.com
   mnt-by:      MAINT-AS1234
   changed:     admin@customer.com 20010326
   source:      BBOI
You should receive an acknowledgement via email stating success or failure of the update.

Making Object Modifications using the CRYPT-PW

When sending IRR update requests, the plain-text password must to be provided in the message body by specifying "password: plaintext-password" following any update requests, as shown below. The password will remain valid for all requests preceding it in the same email message or until another password is specified. Following is an example of the syntax to modify a route object.
Existing Route Object:
   route:        	208.160.0.0/24
   descr:        	ACME cidr block
   origin:       	AS4293
   mnt-by:       	ACME-MAINT
   changed:      	jdoe@acme.net 19950524
   source:       	BBOI
Modified Route Object:
   route:               208.160.0.0/23
   descr:               New Description Block
   origin:              AS4293
   mnt-by:              ACME-MAINT
   changed:             jdoe@acme.net
   source:              BBOI
   password: UnencryptedVersionOfThePasswordYouUsedInTheMaintainer

Back to Table Of Contents