author Jason McIntyre <jmc@cvs.openbsd.org> 2005-05-05 11:32:06 +0000
committer Jason McIntyre <jmc@cvs.openbsd.org> 2005-05-05 11:32:06 +0000
commit 83679b0bc9c2512b9eab72305c7da670dcfae4bd
tree a6d3fd28e21237742452fbdfcf8e5412f9e43297 /sbin/isakmpd
parent e4ea37bed035342347eb152e34ce625a660100cd
improve FILES;
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- sbin/isakmpd/isakmpd.8 70
1 files changed, 42 insertions, 28 deletions
diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8
index a151b81629c..20824c65128 100644
--- a/sbin/isakmpd/isakmpd.8
+++ b/sbin/isakmpd/isakmpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.8,v 1.71 2005/04/10 14:17:49 jmc Exp $
+.\" $OpenBSD: isakmpd.8,v 1.72 2005/05/05 11:32:05 jmc Exp $
.\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist.
@@ -511,53 +511,67 @@ Tear down all active connections.
.El
.Sh FILES
.Bl -tag -width Ds
-.It Pa /etc/isakmpd/ca/
-The directory where CA certificates can be found.
-.It Pa /etc/isakmpd/certs/
-The directory where IKE certificates can be found, both the local
+.It /etc/isakmpd/ca/
+The directory where CA certificates are kept.
+.It /etc/isakmpd/certs/
+The directory where IKE certificates are kept, both the local
certificate(s) and those of the peers, if a choice to have them kept
permanently has been made.
-.It Pa /etc/isakmpd/crls/
-The directory where CRLs can be found.
-.It Pa /etc/isakmpd/isakmpd.conf
+.It /etc/isakmpd/crls/
+The directory where CRLs are kept.
+.It /etc/isakmpd/isakmpd.conf
The configuration file.
As this file can contain sensitive information
it must not be readable by anyone but the user running
-.Nm isakmpd .
-.It Pa /etc/isakmpd/isakmpd.policy
+.Nm .
+.It /etc/isakmpd/isakmpd.policy
The keynote policy configuration file.
The same mode requirements as
.Pa isakmpd.conf .
-.It Pa /etc/isakmpd/private/local.key
-A local private key for certificate based authentication.
-There has to be a certificate for this key in the certificate directory
-mentioned above.
-The same mode requirements as
-.Nm isakmpd.conf .
-.It Pa /etc/isakmpd/pubkeys/
-Directory in which trusted public keys can be kept.
+.It /etc/isakmpd/keynote/
+The directory where KeyNote credentials are kept.
+.It /etc/isakmpd/private/
+The directory where local private keys for certificate-based authentication,
+and their public key counterparts, are kept.
+By default, the system startup script
+.Xr rc 8
+generates a key-pair when starting, if one does not already exist.
+The private and public keys are named
+.Pa local.key
+and
+.Pa local.pub ,
+respectively.
+There has to be a certificate for
+.Pa local.key
+in the certificate directory,
+.Pa /etc/isakmpd/certs/ .
+.Pa local.key
+has the same mode requirements as
+.Pa isakmpd.conf .
+.It /etc/isakmpd/pubkeys/
+The directory in which trusted public keys are kept.
The keys must be named in the fashion described above.
-.It Pa /var/run/isakmpd.pid
-The PID of the current daemon.
-.It Pa /var/run/isakmpd.fifo
+.It /usr/share/ipsec/isakmpd/
+A directory containing some sample
+.Nm
+and keynote policy configuration files.
+.It /var/run/isakmpd.fifo
The FIFO used to manually control
.Nm isakmpd .
-.It Pa /var/run/isakmpd.pcap
+.It /var/run/isakmpd.pcap
The default IKE packet capture file.
-.It Pa /var/run/isakmpd.report
+.It /var/run/isakmpd.pid
+The PID of the current daemon.
+.It /var/run/isakmpd.report
The report file written when
.Dv SIGUSR1
is received.
-.It Pa /var/run/isakmpd.result
+.It /var/run/isakmpd.result
The report file written when the
.Sq S
or
.Sq "C get"
command is issued in the command FIFO.
-.It Pa /usr/share/ipsec/isakmpd/
-A directory containing some sample
-.Nm
-and keynote policy configuration files.
.El
.Sh SEE ALSO
.Xr openssl 1 ,
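Review bot: In the new /etc/isakmpd/private/ entry the mode requirement is attached only to `local.key` ("has the same mode requirements as isakmpd.conf"), while the private/ directory itself and the new /etc/isakmpd/keynote/ entry say nothing about expected permissions. If either directory is meant to be restricted to the user running the daemon, state that in its own entry so a reader does not have to infer it from the key file. Two consistency points in the same hunk: the isakmpd.conf entry is changed from `.Nm isakmpd .` to `.Nm .`, but the /var/run/isakmpd.fifo entry still reads `.Nm isakmpd .` in the unchanged context and should get the same treatment; and every list tag drops `Pa` (for example `.It /etc/isakmpd/ca/`) while the body text keeps `.Pa` for the same paths, which deserves a word of explanation in the commit message.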