Forum Discussion

Altocumulus

Jun 14, 2016

Understanding ltm monitor password hashes

Is this normal? I have a ltm monitor with a password associated. When I do a diff from ucs1 vs ucs2 (even though nothing has changed... "I believe") the password hashes are different. example:...

LTM

security

samstep

Cirrocumulus

Jun 15, 2016

I have found this F5 Knowledgebase Solution which is likely to be related to the behavior that you are seeing:

SOL16902: Secure Vault encrypted passphrase values for BIG-IP configuration objects no longer match across device group members

So it states that the difference in encrypted passwords is purely "cosmetic" as even though the encrypted values look different they will get decrypted to the same value and functionality will be preserved.

From v11.5 F5 started to use the Secure Vault Master Key to encrypt ALL passphrases inside in the bigip.conf (not just SSL private keys) - there is another F5 solution which talks about the impact of this on UCS files and explains a bit the $M prefix:

https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html

Hope this helps,

Sam

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)