Feature #222
updown_pam
Description
StrongSwan can use PAM for handling updown events. Just like xauth_pam, updown_pam can use session open/close events to handle ups & downs of ipsec tunnels.
Whole system can be then configured in one /etc/pam.d/ipsec file using (standard or custom) PAM modules.
I'm considering writing it myself, just to have all-in-one bundle in one PAM module.
History
#1 Updated by Tobias Brunner about 9 years ago
- Status changed from New to Feedback
I don't really see why a plugin on strongSwan's side would be required. Can't this just be done with something like pam-script and ipsec up/down?
#2 Updated by Michal Zubac about 9 years ago
I mean, StrongSwan could make direct calls to PAM (which then comes to PAM module's session_open/close functions), so you skip the overhead of running shell interpreter, which starts some other program(s). Then you could have authentication code & session handling code in one place, in PAM module.
And you could mimic current updown behaviour by using updown_pam + pam-script.
#3 Updated by Martin Willi about 7 years ago
- Status changed from Feedback to Closed
- Assignee set to Martin Willi
- Target version set to 5.2.0
- Resolution set to Fixed