System Administration    kmd(1m)


NAME

 kmd - SMS key management daemon

SYNOPSIS

 kmd

DESCRIPTION

 

kmd(1M) manages the IPSec security associations (SAs) necessary for securing the communication between the system controller (SC) and servers running on a domain. kmd manages per-socket policies for connections initiated by clients on the SC to servers on a domain. kmd manages shared policies for connections initiated by clients on the domain to servers on the SC.

The current default configuration includes authentication policies for the dca(1M) and dxs(1M) clients on the SC, which connect to the dcs(1M) and cvcd(1M) servers on a domain.

This daemon is started automatically by the ssd(1M) daemon. Do not start it manually from the command line.

Note – kmd must be run as a root process to be permitted to use the pf_key interface to IPSec.

EXIT STATUS

 

The following exit values are returned:

0
Successful completion.
>0
An error occurred.

FILES

 

The following file is used to configure kmd:

/etc/opt/SUNWSMS/config/kmd_policy.cf
kmd_policy.cf configures the shared and per-socket policies managed by kmd.

Changes to the policies are made by editing the kmd_policy.cf file on the SC. Corresponding changes must be made on the affected domain(s).

The format of kmd_policy.cf is a table of eight fields separated by the pipe (|) character:

dir|d_port|protocol|sa_type|auth_alg|encr_alg|domain|login

The fields are defined as follows:

dir
Direction to connect from.

Values: sctodom, domtosc

d_port
Destination port.

protocol
Protocol for the socket.

Values: tcp, udp

sa_type
Security association type.

Values: ah, esp

auth_alg
Authentication algorithm.

Values: none, md5, sha1

encr_alg
Encryption algorithm.

Values: none, des, 3des

domain
Domain ID.

Values: integers 0-17 or a [space].

A space for the domain ID defines a policy that applies to all domains. A policy for a specific domain overrides a policy that applies to all domains.

login
Login name.

Values: Any valid login name.

The default policies in the kmd_policy.cf file are as follows:

sctodom|665|tcp|ah|md5|none| |sms-dca|

sctodom|442|tcp|ah|md5|none| |sms-dxs|
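
The following is an added example, not part of the original man page or of SMS: a small Python audit of kmd_policy.cf rows that validates each field against the values listed above, applies the rule that a domain-specific policy overrides an all-domains policy, and reports weak algorithm choices. The function names, the WEAK classification, the tolerance for the trailing pipe seen in the default rows, and the third sample row are assumptions made for this example.

```python
# Added example (not Sun's code): parse and audit kmd_policy.cf rows.
FIELDS = ("dir", "d_port", "protocol", "sa_type",
          "auth_alg", "encr_alg", "domain", "login")
ALLOWED = {  # value sets as listed on this page
    "dir": {"sctodom", "domtosc"}, "protocol": {"tcp", "udp"},
    "sa_type": {"ah", "esp"}, "auth_alg": {"none", "md5", "sha1"},
    "encr_alg": {"none", "des", "3des"},
}
# Auditor's assumption: which listed values deserve a finding.
WEAK = {"auth_alg": {"none", "md5"}, "encr_alg": {"none", "des"}}

def parse_policy(line):
    """Return one row as a dict; raise ValueError on a malformed row."""
    parts = line.rstrip("\n").split("|")
    if len(parts) == 9 and not parts[8].strip():
        parts = parts[:8]          # shipped defaults end with a trailing '|'
    if len(parts) != 8:
        raise ValueError(f"expected 8 fields: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for name, allowed in ALLOWED.items():
        if rec[name] not in allowed:
            raise ValueError(f"bad {name} {rec[name]!r}")
    if not (rec["d_port"].isdecimal() and 0 < int(rec["d_port"]) < 65536):
        raise ValueError(f"bad d_port {rec['d_port']!r}")
    rec["d_port"] = int(rec["d_port"])
    dom = rec["domain"].strip()
    if dom and not (dom.isdecimal() and int(dom) <= 17):
        raise ValueError(f"bad domain {dom!r}")
    rec["domain"] = int(dom) if dom else None   # None = all domains
    return rec

def effective_policy(policies, direction, port, domain):
    """Pick the row in force: a domain-specific row overrides an all-domains row."""
    rows = [p for p in policies if (p["dir"], p["d_port"]) == (direction, port)]
    for wanted in (domain, None):
        for p in rows:
            if p["domain"] == wanted:
                return p
    return None

def findings(rec):
    """List the weak algorithm choices in one parsed row."""
    return [f"{k}={rec[k]}" for k in ("auth_alg", "encr_alg") if rec[k] in WEAK[k]]

SAMPLE = [  # rows 1-2 are the page's defaults; row 3 is constructed
    "sctodom|665|tcp|ah|md5|none| |sms-dca|",
    "sctodom|442|tcp|ah|md5|none| |sms-dxs|",
    "sctodom|665|tcp|esp|sha1|3des|3|sms-dca|",
]
POLICIES = [parse_policy(row) for row in SAMPLE]
```

Both default rows are reported as authenticating with md5 and carrying no encryption; the constructed domain 3 row replaces the all-domains row for port 665 on that domain only.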

Policies on a domain are configured in the standard IPSec configuration file (/etc/inet/ipsecconf.init).

The default policies are shown below.

{ dport sun-dr } permit { auth_alg md5 }

{ sport sun-dr } apply {auth_alg md5 sa unique }

{ dport cvc_hostd } permit {auth_alg md5 }

{ sport cvc_hostd } apply {auth_alg md5 sa unique }

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes.

Attribute Types    Attribute Values
Availability       SUNWSMSr, SUNWSMSop

SEE ALSO

 

ssd(1m), sckmd(1m), ipsecconf(1m), pf_key(1m), ipsec(1m), dca(1m), dxs(1m), dcs(1m), cvcd(1m)


SMS 1.4    Last Changed 19 September 2003