[Openswan Users] pam authentication being used for xauth even when USE_XAUTHPAM?=false
Mohit Mehta
mohit.mehta at vyatta.com
Tue Aug 18 17:02:07 EDT 2009
I am using Openswan's server and client with XAUTH. I grabbed the source from Debian lenny and have set USE_XAUTH?=true and USE_XAUTHPAM?=false in Makefile.inc. However, on the server side, when I get the user and pass from the client after phase 1, I see this message in the logs:
"xauth-roadwarriors"[2] 172.16.117.200 #4: XAUTH: pam authentication being called to authenticate user mohit
I am not sure why pam would be used when USE_XAUTHPAM?=false and /etc/ipsec.d/passwd is not used. Config files for server and client are below. Am I missing anything here?
Relevant files for the server are:

root@vDUT-1# more /etc/ipsec.secrets
# sample /etc/ipsec.secrets file for 172.16.117.128
172.16.117.128 @mohit : PSK "mohitmehta"

root@vDUT-1# more /etc/ipsec.d/passwd
mohit:mehta:xauth-roadwarriors

root@vDUT-1# more /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006-10-19 03:49:46 paul Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    nat_traversal=yes
    interfaces=%defaultroute
    nhelpers=0

conn xauth-roadwarriors
    aggrmode=yes
    authby=secret
    auto=add
    ike=aes-sha1-modp1024
    left=172.16.117.128
    leftxauthserver=yes
    right=%any
    rightid=@mohit
    rightxauthclient=yes

# sample VPN connections, see /etc/ipsec.d/examples/
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
On the client side:

root@vDUT-3# more /etc/ipsec.secrets
# sample /etc/ipsec.secrets file for 172.16.117.128
172.16.117.128 @mohit : PSK "mohitmehta"

root@vDUT-3# more /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006-10-19 03:49:46 paul Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    nat_traversal=yes
    interfaces=%defaultroute
    nhelpers=0

conn xauth-roadwarriors
    aggrmode=yes
    authby=secret
    auto=add
    ike=aes-sha1-modp1024
    left=172.16.117.128
    leftxauthserver=yes
    right=%defaultroute
    rightid=@mohit
    rightxauthclient=yes

# sample VPN connections, see /etc/ipsec.d/examples/
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf