[Swan] pam_open_session(3) Re: SUCCESS Re: NEW PROBLEM Re: IKEv2 PAM auth failure - how it's done properly?
Paul Wouters
paul at nohats.ca
Wed Jan 26 16:51:33 EET 2022
On Wed, 26 Jan 2022, Mirsad Goran Todorovac wrote:
> I did some research. It may be impossible to log IKEv2 sessions in utmp and
> wtmp, for libreswan doesn't appear to be calling pam_open_session(3) after
> authenticating the certificate and the user and pam_close_session(3) after
> the connection is severed.
We never worked with utmp/wtmp, which to me feels more like unix user
login related ?
> I would like to have some handy connection logging apart from
> /var/log/pluto.log ...
Have a look at https://github.com/libreswan/libreswan/blob/main/contrib/updown-example/example-terminate.py
It shows how you can log the disconnect to a file, but you can replace
the file with like your REST server call.
Paul
More information about the Swan
mailing list