e3320f40ba20e6851e73a3237eedf089700bf001markfen<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
e3320f40ba20e6851e73a3237eedf089700bf001markfen Copyright 2007 Sun Microsystems, Inc. All rights reserved.
e3320f40ba20e6851e73a3237eedf089700bf001markfen Use is subject to license terms.
e3320f40ba20e6851e73a3237eedf089700bf001markfen CDDL HEADER START
e3320f40ba20e6851e73a3237eedf089700bf001markfen The contents of this file are subject to the terms of the
e3320f40ba20e6851e73a3237eedf089700bf001markfen Common Development and Distribution License (the "License").
e3320f40ba20e6851e73a3237eedf089700bf001markfen You may not use this file except in compliance with the License.
e3320f40ba20e6851e73a3237eedf089700bf001markfen You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
e3320f40ba20e6851e73a3237eedf089700bf001markfen See the License for the specific language governing permissions
e3320f40ba20e6851e73a3237eedf089700bf001markfen and limitations under the License.
e3320f40ba20e6851e73a3237eedf089700bf001markfen When distributing Covered Code, include this CDDL HEADER in each
e3320f40ba20e6851e73a3237eedf089700bf001markfen file and include the License file at usr/src/OPENSOLARIS.LICENSE.
e3320f40ba20e6851e73a3237eedf089700bf001markfen If applicable, add the following below this CDDL HEADER, with the
e3320f40ba20e6851e73a3237eedf089700bf001markfen fields enclosed by brackets "[]" replaced with your own identifying
e3320f40ba20e6851e73a3237eedf089700bf001markfen information: Portions Copyright [yyyy] [name of copyright owner]
e3320f40ba20e6851e73a3237eedf089700bf001markfen CDDL HEADER END
e3320f40ba20e6851e73a3237eedf089700bf001markfen ident "%Z%%M% %I% %E% SMI"
e3320f40ba20e6851e73a3237eedf089700bf001markfen NOTE: This service manifest is not editable; its contents will
e3320f40ba20e6851e73a3237eedf089700bf001markfen be overwritten by package or patch operations, including
e3320f40ba20e6851e73a3237eedf089700bf001markfen operating system upgrade. Make customizations in a different
e3320f40ba20e6851e73a3237eedf089700bf001markfen<service_bundle type='manifest' name='SUNWcsr:manual-key'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='service'
e3320f40ba20e6851e73a3237eedf089700bf001markfen version='1'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- The 'manual-key' service is delivered disabled
e3320f40ba20e6851e73a3237eedf089700bf001markfen because there is not a default configuration file.
e3320f40ba20e6851e73a3237eedf089700bf001markfen See note below on changing the default configuration file. -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen <single_instance />
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- Read/Write access to /var/run required for lock files -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen <dependency
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='filesystem'
e3320f40ba20e6851e73a3237eedf089700bf001markfen grouping='require_all'
e3320f40ba20e6851e73a3237eedf089700bf001markfen restart_on='none'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='service'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <service_fmri
e3320f40ba20e6851e73a3237eedf089700bf001markfen </dependency>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- Kernel needs to know IPsec supported algorithms -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen <dependency
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='algorithms'
e3320f40ba20e6851e73a3237eedf089700bf001markfen grouping='require_all'
e3320f40ba20e6851e73a3237eedf089700bf001markfen restart_on='none'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='service'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <service_fmri
e3320f40ba20e6851e73a3237eedf089700bf001markfen </dependency>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- If we are enabled, we should be running fairly early -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='ipseckey-network'
e3320f40ba20e6851e73a3237eedf089700bf001markfen grouping='optional_all'
e3320f40ba20e6851e73a3237eedf089700bf001markfen restart_on='none'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <service_fmri
e3320f40ba20e6851e73a3237eedf089700bf001markfen </dependent>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <exec_method
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='method'
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='start'
e3320f40ba20e6851e73a3237eedf089700bf001markfen timeout_seconds='60'
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- To prevent ipseckey generating warnings about duplicate
e3320f40ba20e6851e73a3237eedf089700bf001markfen SAs when the service is refreshed, ipseckey will flush the
e3320f40ba20e6851e73a3237eedf089700bf001markfen existing SAs when its called from smf(5). -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen <exec_method
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='method'
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='refresh'
e3320f40ba20e6851e73a3237eedf089700bf001markfen timeout_seconds='60'
e3320f40ba20e6851e73a3237eedf089700bf001markfen <exec_method
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='method'
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='stop'
e3320f40ba20e6851e73a3237eedf089700bf001markfen exec='/usr/sbin/ipseckey flush'
e3320f40ba20e6851e73a3237eedf089700bf001markfen timeout_seconds='60'
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- A user with this authorization can:
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm restart manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm refresh manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm mark <state> manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm clear manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen see auths(1) and user_attr(4)-->
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='action_authorization'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- A user with this authorization can:
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm disable manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm enable manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen see auths(1) and user_attr(4)-->
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='value_authorization'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen </property_group>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- The properties defined below can be changed by a user
e3320f40ba20e6851e73a3237eedf089700bf001markfen with 'solaris.smf.value.ipsec' authorization using the
e3320f40ba20e6851e73a3237eedf089700bf001markfen svccfg(1M) command.
e3320f40ba20e6851e73a3237eedf089700bf001markfen svccfg -s manual-key setprop config/config_file = /new/config_file
e3320f40ba20e6851e73a3237eedf089700bf001markfen The new configurations will be read on service refresh:
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm refresh ipsec/manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen Note: svcadm disable/enable does not use the new property
e3320f40ba20e6851e73a3237eedf089700bf001markfen until after the service has been refreshed.
e3320f40ba20e6851e73a3237eedf089700bf001markfen ***Do not edit this manifest to change these properties! -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='config_file'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='value_authorization'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen </property_group>
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='duration'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='transient'
e3320f40ba20e6851e73a3237eedf089700bf001markfen </property_group>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <common_name>
e3320f40ba20e6851e73a3237eedf089700bf001markfen manually keyed IPsec startup
e3320f40ba20e6851e73a3237eedf089700bf001markfen </common_name>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <description>
e3320f40ba20e6851e73a3237eedf089700bf001markfen Loads static security associations
e3320f40ba20e6851e73a3237eedf089700bf001markfen </description>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <documentation>
e3320f40ba20e6851e73a3237eedf089700bf001markfen manpath='/usr/share/man' />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </documentation>
e3320f40ba20e6851e73a3237eedf089700bf001markfen </template>
e3320f40ba20e6851e73a3237eedf089700bf001markfen</service_bundle>