Feature #222

updown_pam

Added by Michal Zubac about 8 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: libcharon
Target version:
Start date: 07.09.2012
Due date:
Estimated time:
Resolution: Fixed

Description

StrongSwan can use PAM for handling updown events. Just like xauth_pam, updown_pam can use session open/close events to handle ups & downs of ipsec tunnels.
The whole system can then be configured in one /etc/pam.d/ipsec file using (standard or custom) PAM modules.

I'm considering writing it myself, just to have all-in-one bundle in one PAM module.

History

#1 Updated by Tobias Brunner about 8 years ago

  • Status changed from New to Feedback

I don't really see why a plugin on strongSwan's side would be required. Can't this just be done with something like pam-script and ipsec up/down?

#2 Updated by Michal Zubac about 8 years ago

I mean, StrongSwan could make direct calls to PAM (which then come to the PAM module's session_open/close functions), so you skip the overhead of running a shell interpreter, which starts some other program(s). Then you could have authentication code & session handling code in one place, in the PAM module.

And you could mimic current updown behaviour by using updown_pam + pam-script.

#3 Updated by Martin Willi over 6 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Martin Willi
  • Target version set to 5.2.0
  • Resolution set to Fixed

PAM session management is supported since 5.1.2, see 2312504d.
