[Swan] an xauth logging message
Paul Wouters
paul at cypherpunks.ca
Fri Mar 1 23:40:05 EET 2013
On Fri, 1 Mar 2013, Antony Antony wrote:
>> It looks like the xauth setting should be a three-state value
>>
>> leftxauth=no
>> leftxauth=server
>> leftxauth=client
>
> it is a good direction.
> Keep in mind currently there are bunch of xauth all over.
>
> xauthfail
> xauthby
> leftxauthusername
> leftxauthname
>
> would it be an idea make them a bit more consistant?
>
> leftxauth = no|server|client
> leftxauthby = file|pam|alwaysok
> leftxauthname =
> leftmodecfg = no|server|client
> leftaddresspool = 1.2.3.0-1.2.3.100
> leftmodecfgdns1 = 1.2.3.4
> leftmodecfgdns2 = 1.2.3.5
> leftxauthfail = hard|soft
As we are still expecting a lot of people to migrate from openswan to
libreswan, I'm a bit hesitant to make changes for these at this point.
I believe xauth, xauthby and xauthfail are not endpoint settings. I agree
that leftmodecfgdns1/leftmodecfg/leftaddresspool should have been
endpoint settings.
Paul
More information about the Swan
mailing list