Chapter 2 Advanced Routing for FortiOS 5.0 : Open Shortest Path First (OSPF) : OSPF Background and concepts : The parts and terminology of OSPF : Authentication
  
Authentication
In the OSPF packet header are two authentication related fields —AuType, and Authentication.
All OSPF packet traffic is authenticated. Multiple types of authentication are supported in OSPFv2. However in OSPFv3, there is no authentication built-in but it is assumed that IPsec will be used for authentication instead.
Packets that fail authentication are discarded.
Null authentication
Null authentication indicates there is no authentication being used. In this case the 16-byte Authentication field is not checked, and can be any value. However checksumming is still used to locate errors. On your FortiGate this is the none option for authentication.
Simple Password authentication
Simple password refers to a standard plain text string of characters. The same password is used for all transactions on a network. The main use of this type of authentication is to prevent routers from accidently joining the network. Simple password authentication is vulnerable to many forms of attack, and is not recommended as a secure form of authentication.
Cryptographic authentication
Cryptographic authentication involves the use of a shared secret key to authenticate all router traffic on a network. The key is never sent over the network in the clear—a packet is sent and a condensed and encrypted form of the packet is appended to the end of the packet. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that could try to use already sent packets to disrupt the network. When a packet is accepted as authentic the authentication sequence number is set to the packet sequence number. If a replay attack is attempted, the packet sent will be out of sequence and ignored.
Your FortiGate unit supports all three levels of authentication through the authentication keyword associated with creating an OSPF interface .
For example to create an OSPF interface called Accounting on the port1 interface that is a broadcast interface, has a hello interval of 10 seconds, has a dead interval of 40 seconds, uses text authentication (simple password) with a password of “ospf_test”, enter the command:
config router ospf
config ospf-interface
edit Accounting
set interface port1
set network-type broadcast
set hello-interval 10
set dead-interval 40
set authentication text
set authentication-key “ospf_test”
end
end