CARP password confirmation
dotdash last edited by
I noticed that on 2.3.x you have to confirm CARP passwords when adding a CARP VIP. This complicates my SOP of typing random garbage. On a stand alone firewall, the password is meaningless, and on a cluster, it's automatically sync'd to the secondary. Seems to be unneeded, and the CARP password is confusing to new users. Is there actually a scenario where you couldn't get by with generating a secure password behind the scenes and hiding it from the user?
This complicates my SOP of typing random garbage.
You and me both. I looked at changing it briefly, but that's not all that straight forward with the way password fields are handled.
It probably ought to just generate something random on the back end, it was originally done that way so you could have a primary or secondary that was running on a stock BSD and switch CARP between them. But I don't think there is anyone who actually does that.