[strongSwan] charon plugin xauth-pam
Cindy Moore
ctmoore at cs.ucsd.edu
Wed Sep 17 00:14:09 CEST 2014
According to /etc/strongswan.conf, which includes all the *conf files
in /etc/strongswan.d/charon/,
I *should* be loading up the contents of
/etc/strongswan.d/charon/xauth-pam.conf, which are
root@vpn:/etc/strongswan.d/charon# more xauth-pam.conf
xauth-pam {
    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes
    # PAM service to be used for authentication.
    pam_service = login
    # Open/close a PAM session for each active IKE_SA.
    session = no
    # If an email address is received as an XAuth username, trim it to just the
    # username part.
    trim_email = yes
}
However, ipsec statusall gives me
loaded plugins: charon test-vectors ldap aes rc2 sha1 sha2 md4 md5
random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem
openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve
socket-default stroke updown eap-identity eap-mschapv2 eap-radius
xauth-generic addrblock
No xauth-pam :-/
Which unless I'm mistaken (possible!) is why I get
Sep 16 14:44:46 c09-44 charon: 08[IKE] activating XAUTH task
Sep 16 14:44:46 c09-44 charon: 08[CFG] no XAuth method found for 'pam'
in a hybrid rsa configuration when I try to use rightauth=xauth-pam as
described here
https://wiki.strongswan.org/projects/strongswan/wiki/XAuthPam
How do I get strongswan to load this module in? This page
https://wiki.strongswan.org/projects/strongswan/wiki/PluginList
kind of suggests I'd have to recompile strongswan. I'm really hoping
I don't have to!
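
Added example, not part of the original post and not strongSwan code: a small check for the mismatch described above, listing plugins whose config snippet sets load but which are absent from the "loaded plugins" line of ipsec statusall. The function names are hypothetical, the xauth-generic snippet is constructed, and "yes" or an integer is treated as enabled, following the comment in the snippet quoted in the post.

```python
import re

# Constructed sample: the "loaded plugins" output as quoted (line-wrapped) in the post.
STATUSALL = """\
loaded plugins: charon test-vectors ldap aes rc2 sha1 sha2 md4 md5
random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem
openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve
socket-default stroke updown eap-identity eap-mschapv2 eap-radius
xauth-generic addrblock
"""
# Constructed sample: xauth-pam settings from the post plus a made-up xauth-generic snippet.
CONF = """\
xauth-pam {
    # Whether to load the plugin.
    load = yes
    pam_service = login
}
xauth-generic {
    load = yes
}
"""

def loaded_plugins(statusall):
    """Plugin names after 'loaded plugins:', up to the next 'label:' line."""
    names, collecting = set(), False
    for line in statusall.splitlines():
        if "loaded plugins:" in line:
            collecting = True
            line = line.split("loaded plugins:", 1)[1]
        elif collecting and ":" in line:
            break  # next section of the status output
        if collecting:
            names.update(line.split())
    return names

def configured_plugins(conf_text):
    """Top-level sections whose own 'load' is 'yes' or an integer."""
    enabled, stack = set(), []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        opened = re.fullmatch(r"([\w-]+)\s*\{", line)
        if opened:
            stack.append(opened.group(1))
        elif line == "}" and stack:
            stack.pop()
        elif len(stack) == 1 and re.fullmatch(r"load\s*=\s*(yes|\d+)", line):
            enabled.add(stack[0])
    return enabled

def missing_plugins(conf_text, statusall):
    return sorted(configured_plugins(conf_text) - loaded_plugins(statusall))
```

On a live host the two inputs would be the concatenated files under /etc/strongswan.d/charon/ and the captured output of ipsec statusall.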