Not a big, exciting fix, but one nontheless.
The ideal fix would have ipsecconf and ipseckey understanding privs.
There are 2 problems. First, there are both solaris:cmd and suser:cmd
lines for ipsecconf and ipseckey. The solaris:cmd seems to be
overriding the suser:cmd. Second, ipseckey does a 'uid==0' check so
using euid=0 in it's suser:cmd line doesn't work.
Attached is a diff.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1156 bytes
Desc: not available