From: Martin Willi <martin@revosec.ch>
Date: Fri, 16 Jul 2010 10:18:20 +0000 (+0200)
Subject: Updated ipsec.secrets.5 regarding IKEv2 smartcard support
X-Git-Tag: 4.5.0~602
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1e4e29076c3f870d900ffd404f95fb31a69c8a29;p=thirdparty%2Fstrongswan.git

Updated ipsec.secrets.5 regarding IKEv2 smartcard support
---

diff --git a/src/pluto/ipsec.secrets.5.in b/src/pluto/ipsec.secrets.5.in
index adb915e4dc..f4bb42d0dd 100644
--- a/src/pluto/ipsec.secrets.5.in
+++ b/src/pluto/ipsec.secrets.5.in
@@ -151,13 +151,15 @@ delimited by double-quote characters (\fB"\fP).
 \fBXAUTH\fP secrets are IKEv1 only.
 .TP
 .B : PIN <smartcard selector> <pin code> | %prompt
-The format
+IKEv1 uses the format
 .B "%smartcard[<slot nr>[:<key id>]]"
-is used to specify the smartcard selector (e.g. %smartcard1:50). For IKEv1,
-instead of specifying the pin code statically,
+to specify the smartcard selector (e.g. %smartcard1:50).
+The IKEv2 daemon supports multiple modules with the format
+.B "%smartcard[<slot nr>[@<module>]]:<keyid>"
+, but always requires a keyid to uniquely select the correct key. Instead of
+specifying the pin code statically,
 .B %prompt
-can be specified, which causes the pluto daemon to ask the user for the pin
-code.
+can be specified, which causes the daemons to ask the user for the pin code.
 .LP
 
 .SH FILES