This procedure assumes that you want to replace an existing preshared key at regular intervals.
On the system console, assume the Primary Administrator role or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Logging in remotely exposes security-critical traffic to eavesdropping. Even if you somehow protect the remote login, the security of the system is reduced to the security of the remote login session. Use the ssh command for secure remote login.
Generate random numbers and construct a key of the appropriate length.
For details, see How to Generate Random Numbers on a Solaris System. If you are generating a preshared key for a Solaris system that is communicating with an operating system that requires ASCII, see Example 23–1.
Replace the current key with a new key.
For example, on the hosts enigma and partym, you would replace the value of key in the /etc/inet/secret/ike.preshared file with a new number of the same length.
Starting in the Solaris 10 4/09 release, refresh the ike service.
# svcadm refresh ike
If you are running a release prior to the Solaris 10 4/09 release, kill and restart the in.iked daemon.
# /usr/sbin/ikeadm get priv
Current privilege level is 0x0, base privileges enabled
You can change the keying material if the command returns a privilege level of 0x1 or 0x2. Level 0x0 does not permit operations to modify or view keying material. By default, the in.iked daemon runs at the 0x0 level of privilege.
When the daemon restarts, it reads the new version of the ike.preshared file.
# pkill in.iked
# /usr/lib/inet/in.iked
If the privilege level is 0x1 or 0x2, read in the new version of the ike.preshared file.
# ikeadm read preshared
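The key replacement step above can be scripted so that the new value is checked for format and length before it reaches the file. The following is an added example, not part of the original procedure or of Solaris itself. The function names, the RANDOM_DEV variable and the sample entry are assumptions made for illustration, and the entry layout (a remoteid line followed by a key line inside braces) is assumed as well.

```shell
#!/bin/sh
# Added example, not Sun's code. Assumes each { } entry has a "remoteid <addr>" line
# before its "key <hex>" line, and a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris).
RANDOM_DEV=${RANDOM_DEV:-/dev/random}

# sample_preshared: constructed file content for trying the functions (not a real key).
sample_preshared() {
    cat <<'EOF'
# ike.preshared on enigma (constructed sample)
{ localidtype IP
  localid 192.168.116.16
  remoteidtype IP
  remoteid 192.168.13.213
  key 00112233445566778899aabbccddeeff
}
EOF
}

# psk_of FILE REMOTEID: print the current key of the entry for REMOTEID.
psk_of() {
    awk -v peer="$2" '
        $1 == "}"          { hit = 0 }
        $1 == "remoteid"   { hit = ($2 == peer) }
        $1 == "key" && hit { print $2; exit }' "$1"
}

# new_hex_key N: print N random hex digits (N must be even).
new_hex_key() {
    od -An -tx1 -N "$(( $1 / 2 ))" "$RANDOM_DEV" | tr -cd '0-9a-f'
}

# set_psk FILE REMOTEID KEY: install KEY, refusing non-hex input or a length change.
set_psk() {
    old=$(psk_of "$1" "$2")
    [ -n "$old" ] || { echo "no key for remoteid $2" >&2; return 1; }
    case $3 in ''|*[!0-9A-Fa-f]*) echo "key is not hex" >&2; return 1;; esac
    [ "${#3}" -eq "${#old}" ] || { echo "key length differs" >&2; return 1; }
    tmp=$(umask 077; mktemp "$1.XXXXXX") || return 1
    # Rewrite only the matching entry, then swap the file in with owner-only access.
    awk -v peer="$2" -v new="$3" '
        $1 == "}"          { hit = 0 }
        $1 == "remoteid"   { hit = ($2 == peer) }
        $1 == "key" && hit { sub(/[0-9A-Fa-f]+[ \t]*$/, new); hit = 0 }
        { print }' "$1" > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$1" ||
        { rm -f "$tmp"; return 1; }
}
```

Generate the key once with new_hex_key, install the same value on both hosts with set_psk, and then refresh or reread the keys as described in the procedure.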