[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-announce
Subject: Re: [strongSwan-dev] [PATCH] xauth_pam don't open/close PAM sessions
From: Martin Willi <martin () strongswan ! org>
Date: 2014-01-22 13:36:16
Message-ID: 1390397776.2898.7.camel () martin
[Download RAW message or body]
Hi Andrea,
> I have changed the license to MIT and moved the service lookup into the
> listener construction.
Thanks for the updated patch, I did some testing with it. Some notes:
* Is there a specific reason why you open a session for each
virtual IP? As the IP is actually not bound to that session,
would a single session per IKE_SA be sufficient?
* As the PAM sessions are not directly coupled to PAM
authentication (but any IKE_SA), I think it might be worth to
have an option to disable this session functionality.
* Having a null PAM conversion function makes my PAM complain
here. Therefore I introduced a dummy function that ignores any
Info Text, but fails if anything is requested by PAM.
Please have a look at the changes at [1], and let me know if that
version works for you.
Best Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/pam-session
_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic