[Swan] pam_open_session(3) Re: SUCCESS Re: NEW PROBLEM Re: IKEv2 PAM auth failure - how it's done properly?

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Thu Feb 3 14:01:12 EET 2022

On 1.2.2022. 2:53, Paul Wouters wrote:

> On Fri, 28 Jan 2022, Mirsad Goran Todorovac wrote:
>> Thank you, PLUTO_PEER_ID was exactly what I wanted, and it wasn't 
>> documented ;-)
>>>>  Could I possibly log the information which certificate was used 
>>>> when the
>>>>  IKEv2 connection was established?
>>>  Yes, if you check the _updown script you should see all the 
>>> environment
>>>  variables we pass into it from our pluto daemon. Or you can check the
>>>  function jam_common_shell_out() in programs/pluto/kernel.c (we might
>>>  have not always updated the _updown env variables comments there)
>> This was a very useful advice. Don't worry about the script not being 
>> updated, nobody
>> throws a gem because it was not polished :-)
> I've updated the variable list:
> https://github.com/libreswan/libreswan/commit/beb07948532b6a0a9ff3435f21c44e6e62f1f596 
That's great. I believe such minor improvements make the package more 
user friendly, as not
just everyone can discern this from the libreswan kernel.c source ;-)

IMHO MS Windows was not successful because it was better, but because 
things worked out
of the box for people that were not computer professionals ...


Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu

More information about the Swan mailing list