unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

ike.preshared(4)                 File Formats                 ike.preshared(4)



NAME
       ike.preshared - pre-shared keys file for IKE

SYNOPSIS
       /etc/inet/secret/ike.preshared

DESCRIPTION
        The  /etc/inet/secret/ike.preshared  file contains secret keying mate-
       rial that two IKE instances can use to authenticate each other. Because
       of   the   sensitive   nature   of   this  data,  it  is  kept  in  the
       /etc/inet/secret directory, which is only accessible by root.

       Pre-shared keys are delimited by open-curly-brace ({) and  close-curly-
       brace (}) characters. There are five name-value pairs required inside a
       pre-shared key:


       tab();  lw(1.833333i)  lw(1.833333i)  lw(1.833333i).   NameValueExample
       localidtypeIPlocalidtype  IP  remoteidtypeIPremoteidtype  IP localidIP-
       addresslocalid  10.1.1.2  remoteidIP-addressremoteid  10.1.1.3  keyhex-
       string          1234567890abcdef


       Comment lines with # appearing in the first column are also legal.

       Files in this format can also be used by the ikeadm(1M) command to load
       additional pre-shared keys into a running an in.iked(1M) process.

EXAMPLES
       Example 1: A Sample ike.preshared File

       The following is an example of an ike.preshared file:


       #
       # Two pre-shared keys between myself, 10.1.1.2, and two remote
       # hosts.  Note that names are not allowed for IP addresses.
       #
       # A decent hex string can be obtained by performing:
       #           od -x </dev/random | head
       #

       {
            localidtype IP
            localid 10.1.1.2
            remoteidtype IP
            remoteid 10.21.12.4
            key 4b656265207761732068657265210c0a
       }

       {
            localidtype IP
            localid 10.1.1.2
            remoteidtype IP
            remoteid 10.9.1.25
            key 536f20776572652042696c6c2c2052656e65652c20616e642043687269732e0a
       }


SECURITY
        If this file is compromised, all IPsec security  associations  derived
       from secrets in this file will be compromised as well. The default per-
       missions on ike.preshared are 0600. They should stay this way.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWcsr


SEE ALSO
       od(1), ikeadm(1M), in.iked(1M), ipseckey(1M), attributes(5), random(7D)



SunOS 5.10                        15 Oct 2001                 ike.preshared(4)