[Swan] pam_open_session(3) Re: SUCCESS Re: NEW PROBLEM Re: IKEv2 PAM auth failure - how it's done properly?
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Thu Feb 3 14:01:12 EET 2022
On 1.2.2022. 2:53, Paul Wouters wrote:
> On Fri, 28 Jan 2022, Mirsad Goran Todorovac wrote:
>
>> Thank you, PLUTO_PEER_ID was exactly what I wanted, and it wasn't
>> documented ;-)
>>>> Could I possibly log the information which certificate was used
>>>> when the
>>>> IKEv2 connection was established?
>>>
>>> Yes, if you check the _updown script you should see all the
>>> environment
>>> variables we pass into it from our pluto daemon. Or you can check the
>>> function jam_common_shell_out() in programs/pluto/kernel.c (we might
>>> have not always updated the _updown env variables comments there)
>>
>> This was a very useful advice. Don't worry about the script not being
>> updated, nobody
>> throws a gem because it was not polished :-)
>
> I've updated the variable list:
>
> https://github.com/libreswan/libreswan/commit/beb07948532b6a0a9ff3435f21c44e6e62f1f596
>
That's great. I believe such minor improvements make the package more
user friendly, as not
just everyone can discern this from the libreswan kernel.c source ;-)
IMHO MS Windows was not successful because it was better, but because
things worked out
of the box for people that were not computer professionals ...
Mirsad
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
More information about the Swan
mailing list