[Swan] pam_open_session(3) Re: SUCCESS Re: NEW PROBLEM Re: IKEv2 PAM auth failure - how it's done properly?

Paul Wouters paul at nohats.ca
Tue Feb 1 03:53:36 EET 2022

On Fri, 28 Jan 2022, Mirsad Goran Todorovac wrote:

> Thank you, PLUTO_PEER_ID was exactly what I wanted, and it wasn't documented 
> ;-)
>>>  Could I possibly log the information which certificate was used when the
>>>  IKEv2 connection was established?
>>  Yes, if you check the _updown script you should see all the environment
>>  variables we pass into it from our pluto daemon. Or you can check the
>>  function jam_common_shell_out() in programs/pluto/kernel.c  (we might
>>  have not always updated the _updown env variables comments there)
> This was a very useful advice. Don't worry about the script not being 
> updated, nobody
> throws a gem because it was not polished :-)

I've updated the variable list:



More information about the Swan mailing list