path: root/sbin/ipsec/photurisd/photurisd.1
Diffstat (limited to 'sbin/ipsec/photurisd/photurisd.1')
-rw-r--r--  sbin/ipsec/photurisd/photurisd.1 | 63
1 files changed, 52 insertions, 11 deletions
diff --git a/sbin/ipsec/photurisd/photurisd.1 b/sbin/ipsec/photurisd/photurisd.1
index f607a7a2e30..66c34e2e6ce 100644
--- a/sbin/ipsec/photurisd/photurisd.1
+++ b/sbin/ipsec/photurisd/photurisd.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: photurisd.1,v 1.7 1997/12/02 10:57:37 provos Exp $
+.\" $OpenBSD: photurisd.1,v 1.8 1998/03/04 11:43:46 provos Exp $
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -39,6 +39,7 @@
.Nm photurisd
.Op Fl ci
.Op Fl d Ar directory
+.Op Fl p Ar port
.Sh DESCRIPTION
The
.Nm photuris
@@ -71,6 +72,10 @@ option specifies the directory in which
.Nm photurisd
looks for its startup files. The default is
.Pa /etc/photuris/ .
+.It Fl p
+The
+.Fl p
+option specifies the local port the daemon shall bind to.
.El
.Pp
The file
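Review bot: the new `.It Fl p` entry does not say what port is used when the option is absent. The `-d` entry immediately above it ends with "The default is /etc/photuris/ .", so the `-p` text should follow the same pattern and name the default port; as written, an operator reading the page cannot tell which port to open in a packet filter without reading the source. The phrasing "the local port the daemon shall bind to" would also read better as "the local port the daemon binds to".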
@@ -114,26 +119,62 @@ The file
contains the attributes, i.e. different choices of encryption
and authenication, offered to the other peer. If a line starts with an ip
address and a space seperated netmask the following attributes are only
-offered to hosts lying in that net range. Possible attributes are:
+offered to hosts lying in that net range. Only one attribute per line
+is allowed. An attribute can either be an already defined tag or
+an new definition of an attribute. In that case the line is followed by a
+comma separated list:
+.Nm attribute name ,
+.Nm Photuris id ,
+.Nm type of attribute
+and
+.Nm key length .
+The name is only used as reference. A list of possible Photuris ids can
+be found in
+.Pa /usr/share/ipsec/attributes.conf .
+The attribute type is one of the following:
+.Nm enc ,
+.Nm ident ,
+.Nm auth
+or
+.Nm ident|auth .
+The key length is so far only used by the encryption attributes and
+specifies the number of keying bytes the daemon has to generate.
+Predefined attributes are:
.Bl -tag -width AT_ESP_ATTRIB -offset indent
.It AT_AH_ATTRIB
Starts the list of authentication attributes.
.It AT_ESP_ATTRIB
Starts the list of encryption attributes.
-.It AT_MD5_DP
-MD5 symmetric identification. This attribute must be offered.
-.It AT_SHA1_DP
-SHA1 symmetric identification.
-.It AT_MD5_KDP
-Simple MD5 keyed authentication.
-.It AT_DES_CBC
-DES CBC encryption.
.El
.Pp
The file
.Pa secrets.conf
contains the party preconfigured symmetric secrets for the
-identity exchange. User secrets files can be included.
+identity exchange.
+.Bl -tag -width identity_pair_local -offset indent
+.It identity local
+Defines the identity the local daemon will assume and the according
+password. Both name and secret are braced by quotation marks and follow
+the
+.Nm identity local
+directive.
+.It identity remote
+Defines the parties the daemon can communicate with and their secrets.
+Both name and secret are braced by quotation marks and follow the
+.Nm identity remote
+directive. The name and secret are the same as the identity local
+on the remote site.
+.It identity pair local
+If the identity of the remote site is already known,
+.Nm identity pair local
+enables the daemon to assume an identity and secret based on
+the remote identity. The directive is followed by the
+remote identity, a new local identity and an according secret.
+In that way the secrets are not shared with all other parties.
+.El
+.Pp
+Once DNSSEC or other public key infrastructures are available, those will
+be supported also.
.Pp
Finally the file
.Pa photuris.startup
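Review bot: the removed `AT_MD5_DP` entry carried a normative statement ("This attribute must be offered") and the replacement text drops it without saying whether that requirement still holds or where the now-undocumented `AT_MD5_DP`, `AT_SHA1_DP`, `AT_MD5_KDP` and `AT_DES_CBC` definitions are supposed to come from; either restate the requirement in the new attribute paragraph or say explicitly that `/usr/share/ipsec/attributes.conf` supplies them. Two smaller points in the added lines: "an new definition of an attribute" should read "a new definition of an attribute", and the `identity local`, `identity remote` and `identity pair local` directives are described only in prose (quoted name and secret, then for the pair form "the remote identity, a new local identity and an according secret"), so one literal example line per directive would remove any doubt about field order and quoting. Finally, mdoc reserves `.Nm` for the name of the page's own subject; the attribute names, type keywords and secrets.conf directives marked up with `.Nm` here should use `.Cm` (keywords) or `.Ar` (placeholders such as "attribute name" and "key length") instead.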