xref: /titanic_50/usr/src/man/man1m/sckmd.1m (revision ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2ab)
te
Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
SCKMD 1M "Apr 25, 2006"
NAME
sckmd - Sun cryptographic key management daemon
SYNOPSIS

/usr/platform/sun4u/lib/sckmd
DESCRIPTION

sckmd is a server process that resides on a high-end system domain to maintain the Internet Protocol Security (IPsec) Security Associations (SAs) needed to secure communications between a Service Processor or System Controller (SC) and platform management software running within a domain. The cvcd(1M) and dcs(1M) daemons use these Security Associations. See ipsec(7P) for a description of Security Associations.

The sckmd daemon receives SAs from the Service Processor or SC and installs these SAs in a domain's Security Association Database (SADB) using pf_key(7P).

sckmd starts up at system boot time as an SMF service. The FMRI for the sckmd service is:

svc:/platform/sun4u/sckmd:default

A domain supports only one running sckmd process at a time.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
SEE ALSO

cvcd(1M), dcs(1M), ipsecconf(1M), ipsecalgs(1M), attributes(5), ipsec(7P), ipsecah(7P), ipsecesp(7P), pf_key(7P)

NOTES

The sckmd service is used only on Sun Fire high-end systems and the SPARC Enterprise Server family. It provides a mechanism for exchanging IPsec keys between a domain and its System Controller (SC) or Service Processor. These platforms use IPsec to secure the communications between the SC or Service Processor and certain platform-specific daemons in the domain. Such daemons currently include cvcd(1M) and dcs(1M).

The documentation for each platform that supports sckmd describes how to configure its use of IPsec for such communications. Also, the documentation for each specific application describes how to configure its security policies and IPsec options in a manner appropriate for the target platform. Refer to the platform- and application-specific documentation for detailed information.