diff --git a/README.turnserver b/README.turnserver index d7e9c274..ebdb9d47 100644 --- a/README.turnserver +++ b/README.turnserver @@ -536,6 +536,9 @@ Options with required values: --cli-port CLI management interface listening port. Default is 5766. --cli-password CLI access password. Default is empty (no password). + For the security reasons, it is recommended to use the encrypted + form of the password (see the -P command in the turnadmin + utility). The dollar signs in the encrypted form must be escaped. --cli-max-output-sessions Maximum number of output sessions in ps CLI command. This value can be changed on-the-fly in CLI. The default value is 256. diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index 9ae0f375..2b11db7a 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -599,8 +599,16 @@ #cli-port=5766 # CLI access password. Default is empty (no password). +# For the security reasons, it is recommended to use the encrypted +# for of the password (see the -P command in the turnadmin utility). # -#cli-password=logen +# Secure form for password 'qwerty': +# +#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a +# +# Or unsecure form for the same paassword: +# +#cli-password=qwerty # Server relay. NON-STANDARD AND DANGEROUS OPTION. # Only for those applications when we want to run diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index 83c9a443..5c42dab8 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 @@ -770,6 +770,9 @@ CLI management interface listening port. Default is 5766. .B \fB\-\-cli\-password\fP CLI access password. Default is empty (no password). +For the security reasons, it is recommended to use the encrypted +form of the password (see the \fB\-P\fP command in the \fIturnadmin\fP +utility). The dollar signs in the encrypted form must be escaped. .TP .B \fB\-\-cli\-max\-output\-sessions\fP diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 9fc4d4ee..20bf592e 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -583,6 +583,9 @@ static char Usage[] = "Usage: turnserver [options]\n" " is 127.0.0.1.\n" " --cli-port= CLI server port. Default is 5766.\n" " --cli-password= CLI access password. Default is empty (no password).\n" +" For the security reasons, it is recommended to use the encrypted\n" +" for of the password (see the -P command in the turnadmin utility).\n" +" The dollar signs in the encrypted form must be escaped.\n" " --server-relay Server relay. NON-STANDARD AND DANGEROUS OPTION. Only for those applications\n" " when we want to run server applications on the relay endpoints.\n" " This option eliminates the IP permissions check on the packets\n"