Forum Discussion

fubarSUSHI's avatar
fubarSUSHI
Icon for Altocumulus rankAltocumulus
Jun 14, 2016

Understanding ltm monitor password hashes

Is this normal? I have a ltm monitor with a password associated. When I do a diff from ucs1 vs ucs2 (even though nothing has changed... "I believe") the password hashes are different.   example:...
LTM
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Jun 15, 2016

I have found this F5 Knowledgebase Solution which is likely to be related to the behavior that you are seeing:

 

SOL16902: Secure Vault encrypted passphrase values for BIG-IP configuration objects no longer match across device group members

 

So it states that the difference in encrypted passwords is purely "cosmetic" as even though the encrypted values look different they will get decrypted to the same value and functionality will be preserved.

 

From v11.5 F5 started to use the Secure Vault Master Key to encrypt ALL passphrases inside in the bigip.conf (not just SSL private keys) - there is another F5 solution which talks about the impact of this on UCS files and explains a bit the $M prefix:

 

https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html

 

Hope this helps,

 

Sam