The following system administration features and enhancements have been added to the Solaris 10 5/09 release.
IP security (IPsec) is now managed by the following Solaris Management Facility (SMF) services:
svc:/network/ipsec/policy:default – The policy service checks for the /etc/inet/ipsecinit.conf file and feeds the data into the IPsec Security Policy Database (SPD). The policy service must be started and its file, /etc/inet/ipsecinit.conf, must exist for boot-time IPsec policy configuration.
svc:/network/ipsec/ike:default – The ike service controls the Internet Key Exchange (IKE) daemon, in.iked(1M). This service controls ike in a manner similar to other daemon-controlled services like ssh or sendmail.
svc:/network/ipsec/manual-key:default – The manual-key service checks for the /etc/inet/secret/ipseckeys file and feeds the keys into the IPsec Security Association Database (SADB). Prior to SMF, the mere existence of the /etc/inet/secret/ipseckeys file was sufficient, but now the service should also be enabled to load manual IPsec keys.
svc:/network/ipsec/ipsecalgs:default – The ipsecalgs service is enabled by default and maps Solaris Cryptographic Framework algorithms to their use in IPsec. Changes enabled with ipsecalgs(1M) subsequently refresh the ipsecalgs service.
Managing IPsec through SMF brings all the SMF features to IPsec, for example, a consistent interface, the capability of restarting, and fault tracking.
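The file and service pairings above can be checked after an upgrade. The following script is an added example, not part of the release notes: it compares the two files named above with saved svcs(1) output and reports mismatches. The function names, the ROOT and STATES arguments, and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the release notes): flag mismatches between the
# IPsec files on disk and the SMF services that now have to load them.
# Usage: ipsec_smf_audit ROOT STATES
#   ROOT   - filesystem root to inspect ("/" on a live host)
#   STATES - saved output of: svcs -a -H -o state,fmri

svc_state() {   # print the state recorded for FMRI $2 in file $1
    awk -v f="$2" '$2 == f { s = $1 } END { print (s == "" ? "absent" : s) }' "$1"
}

ipsec_smf_audit() {
    root=${1%/}; states=$2
    pre=svc:/network/ipsec
    keys=$root/etc/inet/secret/ipseckeys
    conf=$root/etc/inet/ipsecinit.conf

    # Before SMF the keys file alone was enough; now manual-key must be enabled.
    if [ -f "$keys" ] && [ "$(svc_state "$states" "$pre/manual-key:default")" != online ]; then
        echo "WARN manual-key: $keys exists but service is not online; SMF will not load the keys"
    fi
    # Boot-time policy needs both the started service and its file.
    pol=$(svc_state "$states" "$pre/policy:default")
    if [ -f "$conf" ] && [ "$pol" != online ]; then
        echo "WARN policy: $conf exists but service is $pol; no boot-time policy"
    elif [ ! -f "$conf" ] && [ "$pol" = online ]; then
        echo "WARN policy: service is online but $conf is missing"
    fi
    # ipsecalgs is enabled by default; anything else deserves a look.
    alg=$(svc_state "$states" "$pre/ipsecalgs:default")
    if [ "$alg" != online ]; then
        echo "WARN ipsecalgs: service is $alg, expected online"
    fi
    return 0
}

# Constructed sample: keys and policy on disk, manual-key left disabled.
demo=$(mktemp -d)
mkdir -p "$demo/etc/inet/secret"
: > "$demo/etc/inet/secret/ipseckeys"
: > "$demo/etc/inet/ipsecinit.conf"
cat > "$demo/states" <<'EOF'
online   svc:/network/ipsec/policy:default
online   svc:/network/ipsec/ipsecalgs:default
disabled svc:/network/ipsec/manual-key:default
EOF
ipsec_smf_audit "$demo" "$demo/states"
rm -rf "$demo"
```

A manual-key warning is cleared by enabling the service with svcadm enable svc:/network/ipsec/manual-key:default.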