| Skip Navigation Links | |
| Exit Print View | |
|
Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
1. Using Link Protection in Virtualized Environments
2. Tuning Your Network (Tasks)
3. Web Servers and the Secure Sockets Layer Protocol
4. IP Filter in Oracle Solaris (Overview)
6. IP Security Architecture (Overview)
8. IP Security Architecture (Reference)
9. Internet Key Exchange (Overview)
11. Internet Key Exchange (Reference)
IKE Public Key Databases and Commands
/etc/inet/ike/publickeys Directory
You can use the ikeadm command to do the following:
View aspects of the IKE state.
Change the properties of the IKE daemon.
Display statistics on SA creation during the Phase 1 exchange.
Debug IKE protocol exchanges.
Display IKE daemon objects, such as all Phase 1 SAs, policy rules, preshared keys, available Diffie-Hellman groups, Phase 1 encryption and authentication algorithms, and the certificate cache.
For examples and a full description of this command's options, see the ikeadm(1M) man page.
The privilege level of the running IKE daemon determines which aspects of the IKE daemon can be viewed and modified. Three levels of privilege are possible.
You cannot view or modify keying material. The base level is the default level of privilege.
You can remove, change, and add preshared keys.
You can view the actual keying material with the ikeadm command.
For a temporary privilege change, you can use the ikeadm command. For a permanent change, change the admin_privilege property of the ike service. For the procedure, see How to Manage IPsec and IKE Services.
The security considerations for the ikeadm command are similar to the considerations for the ipseckey command. For details, see Security Considerations for ipseckey.
|