Skip Navigation Links | |
Exit Print View | |
Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
1. Using Link Protection in Virtualized Environments
2. Tuning Your Network (Tasks)
3. Web Servers and the Secure Sockets Layer Protocol
4. IP Filter in Oracle Solaris (Overview)
6. IP Security Architecture (Overview)
8. IP Security Architecture (Reference)
9. Internet Key Exchange (Overview)
11. Internet Key Exchange (Reference)
IKE Public Key Databases and Commands
/etc/inet/ike/publickeys Directory
The IKE configuration file, /etc/inet/ike/config, manages the keys for the interfaces that are being protected in the IPsec policy file, /etc/inet/ipsecinit.conf.
Key management with IKE includes rules and global parameters. An IKE rule identifies the systems or networks that the keying material secures. The rule also specifies the authentication method. Global parameters include such items as the path to an attached hardware accelerator. For examples of IKE policy files, see Configuring IKE With Preshared Keys (Task Map). For examples and descriptions of IKE policy entries, see the ike.config(4) man page.
The IPsec SAs that IKE supports protect the IP datagrams according to the policies in the IPsec configuration file, /etc/inet/ipsecinit.conf. The IKE policy file determines if perfect forward security (PFS) is used when creating the IPsec SAs.
The /etc/inet/ike/config file can include the path to a library that is implemented according to the following standard: RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki). IKE uses this PKCS #11 library to access hardware for key acceleration and key storage.
The security considerations for the ike/config file are similar to the considerations for the ipsecinit.conf file. For details, see Security Considerations for ipsecinit.conf and ipsecconf.