Sun Microsystems, Inc.
 
System Administration Commands                                sckmd(1M)


NAME

 sckmd - Sun Fire 15K key management daemon

SYNOPSIS

 /usr/platform/SUNW,Sun-Fire-15000/lib/sckmd

DESCRIPTION

 

sckmd is a server process that resides on a Sun Fire 15K domain. sckmd maintains the Internet Protocol Security (IPsec) Security Associations (SAs) needed to secure the communication between the Sun Fire 15K System Controller (SC) and the cvcd(1M) and dcs(1M) daemons running on a Sun Fire 15K domain. See ipsec(7P) for a description of Security Associations.

sckmd receives SAs from the SC and provides these SAs to the Security Association Databases (SADBs) using pf_key(7P).

sckmd normally starts up at system boot time. Each domain supports only one running sckmd process at a time.

FILES

 
/etc/inet/ipsecinit.conf
Configuration file for default system-wide IPsec policies

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE      ATTRIBUTE VALUE
Architecture        Sun Fire 15K systems
Availability        SUNWsckmx.u, SUNWsckmu.u, SUNWsckmr

SEE ALSO

 

cvcd(1M), dcs(1M), ipsecconf(1M), attributes(5), authmd5h(7M), encr3des(7M), ipsec(7P), pf_key(7P)

Sun Enterprise 10000 SSP Reference Manual

Sun System Management Services (SMS) Reference Manual

NOTES

 

IPsec is used by Sun Fire 15K systems to secure the communication between the SC, and the cvcd(1M) and dcs(1M) daemons running on a domain. System-wide IPsec policies for these daemons are configured on a domain with ipsecconf(1M). Default policies are defined when the SUNWsckmr package is installed on a Sun Fire 15K domain at OS install time.

Package SUNWsckmr configures default system-wide policies for cvcd(1M) and dcs(1M) by adding the following entries in /etc/inet/ipsecinit.conf:

 
{ dport sun-dr ulp tcp } permit 
        { auth_alg md5 }
{ sport sun-dr ulp tcp } apply 
        { auth_alg md5 sa unique }
{ dport cvc_hostd ulp tcp } permit 
        { auth_alg md5 }
{ sport cvc_hostd ulp tcp } apply 
        { auth_alg md5 sa unique }

The cvc_hostd service represents cvcd(1M) and the sun-dr service represents dcs(1M) in the preceding entries.

These policies conform to the format defined by ipsec(7P) and require HMAC-MD5 authentication. See authmd5h(7M).

System-wide policies for cvcd(1M) and dcs(1M) configured on a domain using ipsecconf(1M) must match the IPsec policies defined for these services on the SC. On an SC, IPsec policies for these services are defined by the SMS key management daemon. Refer to the kmd(1M) man page in the Sun System Management Services (SMS) Reference Manual.

IPsec encryption or authentication with encryption can be enabled on the domain using the encr_algs and encr_auth_algs properties, as described in the ipsecconf(1M) manual page. For example, the following ipsecconf(1M) entries require Triple-DES and HMAC-MD5 authentication for the network console cvcd(1M) service:

 
{ dport cvc_hostd ulp tcp } permit 
        { encr_algs 3des encr_auth_algs md5 }
{ sport cvc_hostd ulp tcp } apply 
        { encr_algs 3des encr_auth_algs md5 sa unique }

See encr3des(7M) for Triple-DES encryption and authmd5h(7M) for HMAC-MD5 authentication.
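
Because the domain entries must match what the SC uses, a changed ipsecinit.conf is worth checking before it is loaded. The following sketch is an added example, not part of the original manual page or of Sun's software: it parses entries in the form shown above and reports any cvc_hostd or sun-dr entry that is missing, lacks `sa unique` on the apply side, or differs from the algorithm properties the administrator expects the SC to use. The names parse_policy, audit and SAMPLE are hypothetical, and the sample file is constructed.

```python
import re

# Services named on the page: sun-dr is dcs(1M), cvc_hostd is cvcd(1M).
SERVICES = ("sun-dr", "cvc_hostd")
# One policy entry: { pattern } action { properties }, possibly across lines.
ENTRY = re.compile(r"\{([^}]*)\}\s*(\w+)\s*\{([^}]*)\}")

def _pairs(text):
    """Turn 'key value key value' into a dict."""
    tokens = text.split()
    return dict(zip(tokens[0::2], tokens[1::2]))

def parse_policy(conf):
    """Return [(pattern, action, properties)] from ipsecinit.conf text."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop comment lines
    return [(_pairs(p), a, _pairs(q)) for p, a, q in ENTRY.findall(conf)]

def audit(conf, expected):
    """List deviations from `expected`, the algorithm properties used on the SC
    (assumption: the administrator supplies these; they are not read from the SC)."""
    entries, findings = parse_policy(conf), []
    for svc in SERVICES:
        for port, action in (("dport", "permit"), ("sport", "apply")):
            hits = [dict(props) for pat, act, props in entries
                    if pat.get(port) == svc and pat.get("ulp") == "tcp"
                    and act == action]
            if not hits:
                findings.append(f"{svc}: missing {port} {action} entry")
                continue
            props = hits[0]
            sa = props.pop("sa", None)  # 'sa unique' is checked separately
            if action == "apply" and sa != "unique":
                findings.append(f"{svc}: apply entry lacks 'sa unique'")
            if props != expected:
                findings.append(f"{svc}: {action} uses {props}, SC expects {expected}")
    return findings

# Constructed sample: sun-dr keeps the package defaults; cvc_hostd was switched
# to the 3des example and its apply entry lost 'sa unique'.
SAMPLE = """\
# constructed test file
{ dport sun-dr ulp tcp } permit
        { auth_alg md5 }
{ sport sun-dr ulp tcp } apply
        { auth_alg md5 sa unique }
{ dport cvc_hostd ulp tcp } permit
        { encr_algs 3des encr_auth_algs md5 }
{ sport cvc_hostd ulp tcp } apply
        { encr_algs 3des encr_auth_algs md5 }
"""
```

Calling `audit(SAMPLE, {"auth_alg": "md5"})` returns three findings, all for cvc_hostd; an empty list means the file agrees with the expected SC policy.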


SunOS 5.9                                   Last Changed 9 Dec 2001

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.