[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Paul Wouters paul at xelerance.com
Wed Jul 8 06:00:00 EDT 2009


On Tue, 7 Jul 2009, Greg Scott wrote:

> Searching for "CKAIDNSS" with Google, I see a few references at
> http://cvs.fedoraproject.org and http://cvs.fedora.redhat.com.  It looks
> like a patch to Openswan 2.6.21.  I am running the bundled RPM that came
> with Fedora 11.  If any folks from RedHat are reading this, would it be
> possible to shed some light?  Please please please please reassure me you
> didn't break old IPSEC secrets files!  I guess I will find out tomorrow
> when I try to put this replacement system into production. 

Ohhhh. It's the NSS code. Currently, they compile with NSS enabled, which
means you currently cannot use PSK or any RSA key specified in ipsec.secrets
or via X.509 keys outside the NSS database.

If you want the old things to work, change the spec file to not enable
NSS and recompile. If they did not add an option in the spec file, look
at the spec file in openswan-2.6.22/packaging/fedora/openswan.spec.

Paul

