System Administration Guide: IP Services

Procedure: How to View IKE Preshared Keys

By default, the ikeadm command prevents you from viewing the actual keys in a dump of a Phase 1 SA. Viewing the keys is useful during debugging.

To view the actual keys, you must increase the privilege level of the daemon. For a description of the privilege levels, see IKE Administration Command.

Before You Begin

IKE is configured and the ike service is running.

  1. View the IKE preshared keys.


    # ikeadm
    ikeadm> dump preshared
    
  2. If you get an error, increase the privilege level of the in.iked daemon.

    1. Increase the privilege level of the in.iked daemon in the SMF repository.


      # svcprop -p config/admin_privilege ike
      base
      # svccfg -s ike setprop config/admin_privilege=keymat
      
    2. Increase the privilege level of the running in.iked daemon.


      # svcadm refresh ike ; svcadm restart ike
      
    3. (Optional) Confirm that the privilege level is keymat.


      # svcprop -p config/admin_privilege ike
      keymat

    4. View the keys by running Step 1 again.

  3. Return the IKE daemon to the base privilege level.

    1. After you view the keys, return the privilege level to the default.


      # svccfg -s ike setprop config/admin_privilege=base
      
    2. Refresh and then restart IKE.


      # svcadm refresh ike ; svcadm restart ike
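
Leaving in.iked at keymat after debugging keeps the preshared keys viewable through ikeadm. The following wrapper is an added example, not part of the original guide: it performs Steps 2 and 3 around a single command and restores whatever level svcprop reported beforehand, even if the command fails or is interrupted. The function names and the non-interactive ikeadm form in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): run one command while in.iked is at
# keymat, then put config/admin_privilege back, even if the command fails.
# Uses only svcprop, svccfg and svcadm as shown in the procedure above.

SVC=ike
PROP=config/admin_privilege

# Store the level in the SMF repository, then apply it to the daemon.
set_ike_priv() {
    svccfg -s "$SVC" setprop "$PROP=$1" &&
        svcadm refresh "$SVC" &&
        svcadm restart "$SVC"
}

# with_keymat CMD [ARG...]  (hypothetical helper name)
# Returns CMD's exit status, or 2 if the original level could not be restored.
with_keymat() {
    orig=$(svcprop -p "$PROP" "$SVC") || return 1
    # Restore on interrupt too, so Ctrl-C does not leave keys viewable.
    trap 'set_ike_priv "$orig"; exit 130' INT TERM HUP
    rc=0
    if [ "$orig" = keymat ] || set_ike_priv keymat; then
        "$@" || rc=$?
    else
        rc=1
    fi
    if [ "$orig" != keymat ]; then
        set_ike_priv "$orig" || rc=2
    fi
    trap - INT TERM HUP
    # Confirm the repository value, as in the optional check of Step 2.
    now=$(svcprop -p "$PROP" "$SVC") || now=unknown
    if [ "$now" != "$orig" ]; then
        echo "WARNING: $PROP is '$now', expected '$orig'" >&2
        rc=2
    fi
    return "$rc"
}

# Usage, as root (assumes ikeadm accepts the command as arguments):
#   with_keymat ikeadm dump preshared
```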