Bug 210826 - net-firewall/ipsec-tools should provide a default /etc/pam.d/racoon file
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
Importance: Normal enhancement
Assignee: Anthony Basile
Blocks: 326647
Reported: 2008-02-20 01:22 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2012-02-28 22:56 UTC (History)
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2008-02-20 01:22:26 UTC
Not sure what it should use as default though; if you can summarise for me what it should authenticate, I can see to tell you the best default for it.
Comment 1 Martin Mokrejš 2010-05-16 12:45:54 UTC
I am not an expert in this, but as I am trying to set up IPsec, I came across this which might help you:

$ man racoon.conf:

[cut]
             accounting (none | system | radius | pam);
                     Enables or disables accounting for Xauth logins and logouts.  The default is none which disable
                     accounting.  Specifying system enables system accounting through utmp(5).  Specifying radius
                     enables RADIUS accounting.  It works only if racoon(8) was built with libradius support and
                     requires RADIUS authentication.  RADIUS configuration is handled by radius.conf(5).  Specifying pam
                     enables PAM accounting.  It works only if racoon(8) was build with libpam support and requires PAM
                     authentication.
Comment 2 Anthony Basile gentoo-dev 2012-02-09 23:40:59 UTC
Hi Diego, ancient bug, but important package.  I just adopted it.

The racoon.conf statement of interest is auth_source (not accounting), which means how users are authenticated to the service.

I'm looking at what fedora does (fc 16) and their pam.d/racoon file looks something like this:

auth       required     pam_succeed_if.so user != root
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
session    include      password-auth

where their password-auth is approximately equal to our system-auth.  I'm not sure why they have the pam_succeed_if user != root.  Also, their account required pam_nologin.so is already in our system-auth.

I'm thinking we might be okay with just a copy of pam.d/sshd for racoon.  If you think it's a good idea, I can add that to my next rev bump.
Comment 3 Anthony Basile gentoo-dev 2012-02-28 22:56:35 UTC
Okay, I've added pam.d/racoon equal to

auth       include      system-remote-login
account    include      system-remote-login
password   include      system-remote-login
session    include      system-remote-login

It's in the tree with ipsec-tools-0.8.0-r1.

Please reopen this bug if there's a problem with this pam file as a *default*.
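A default like the one above only says "include system-remote-login"; which modules actually gate racoon's Xauth logins depends on what that file pulls in. The following is an added example (not code from the bug or from the ipsec-tools package): a small resolver that flattens pam.d `include`/`substack` chains so the effective per-facility stack can be inspected. The sample files are constructed and only modelled on a Gentoo-style chain (system-remote-login -> system-login -> system-auth); the real contents on a given box will differ.

```python
"""Flatten a pam.d stack by expanding include/substack directives (added example)."""
from typing import Dict, List, Tuple

# Constructed sample pam.d files: racoon as added in the bug, plus an assumed
# minimal Gentoo-style chain. Replace with the real files to audit a system.
PAMD: Dict[str, str] = {
    "racoon": """
auth       include   system-remote-login
account    include   system-remote-login
password   include   system-remote-login
session    include   system-remote-login
""",
    "system-remote-login": """
auth       include   system-login
account    include   system-login
password   include   system-login
session    include   system-login
""",
    "system-login": """
auth       include   system-auth
account    required  pam_nologin.so
account    include   system-auth
password   include   system-auth
session    include   system-auth
""",
    "system-auth": """
auth       required  pam_env.so
auth       required  pam_unix.so try_first_pass likeauth nullok   # comment is ignored
account    required  pam_unix.so
password   required  pam_unix.so try_first_pass nullok sha512 shadow
session    required  pam_unix.so
""",
}

Rule = Tuple[str, str, str, List[str]]  # (facility, control, module, args)


def parse(name: str, files: Dict[str, str] = PAMD) -> List[Rule]:
    """Parse one pam.d file into rules, dropping comments and blank lines."""
    rules: List[Rule] = []
    for raw in files[name].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"{name}: malformed line {raw!r}")
        rules.append((parts[0].lstrip("-"), parts[1], parts[2], parts[3:]))
    return rules


def resolve(name: str, facility: str, files: Dict[str, str] = PAMD, depth: int = 0) -> List[Tuple[str, str, Tuple[str, ...]]]:
    """Return the effective (control, module, args) list for one facility, following includes."""
    if depth > 8:  # guard against an include loop between files
        raise RecursionError(f"include loop while resolving {name}")
    out = []
    for fac, ctl, mod, args in parse(name, files):
        if fac != facility:
            continue
        if ctl in ("include", "substack"):
            out.extend(resolve(mod, facility, files, depth + 1))
        else:
            out.append((ctl, mod, tuple(args)))
    return out


def modules(name: str, facility: str, files: Dict[str, str] = PAMD) -> List[str]:
    """Just the module names, in the order PAM will run them."""
    return [mod for _, mod, _ in resolve(name, facility, files)]
```

The flattened view makes the point from Comment 2 checkable: whether pam_nologin.so already reaches racoon's account stack through the include chain, or has to be listed in pam.d/racoon itself.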