Folks, I've been working with the flashrd system for booting from compact flash media, and ran across a case where I'd like to make some changes to isakmpd, but before I do so I'm not sure that it's a good idea.
The location for certificates, CA's, private keys, etc. is hard-coded in /usr/src/sbin/isakmpd/conf.h and conf.c to be /etc/isakmpd/. I'd like to be able to set a flag on isakmpd at launch time that it should read the information from a different path, such as /flash/isakmpd, so that such system-specific information can be more easily preserved across upgrades of the base system. However, since this is getting into crypto and security territory, I'm not sure that it's a good idea to allow this path to be changed. I'm fairly certain that this is innocuous, but opinions, anyone, before I start hacking? --Paul [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
