[Swan] pam_open_session(3) Re: SUCCESS Re: NEW PROBLEM Re: IKEv2 PAM auth failure - how it's done properly?
Paul Wouters
paul at nohats.ca
Tue Feb 1 03:53:36 EET 2022
On Fri, 28 Jan 2022, Mirsad Goran Todorovac wrote:
> Thank you, PLUTO_PEER_ID was exactly what I wanted, and it wasn't documented
> ;-)
>>> Could I possibly log the information which certificate was used when the
>>> IKEv2 connection was established?
>>
>> Yes, if you check the _updown script you should see all the environment
>> variables we pass into it from our pluto daemon. Or you can check the
>> function jam_common_shell_out() in programs/pluto/kernel.c (we might
>> have not always updated the _updown env variables comments there)
>
> This was a very useful advice. Don't worry about the script not being
> updated, nobody
> throws a gem because it was not polished :-)
I've updated the variable list:
https://github.com/libreswan/libreswan/commit/beb07948532b6a0a9ff3435f21c44e6e62f1f596
Paul
More information about the Swan
mailing list