Description of problem: Currently it is only possible to create ipsec tunnels that are authenticated against passwd/shadow files; if PAM were included too, then the users could be on an LDAP server too. There are --with-ldap and --with-radius options too, but PAM should cover those, right?
Could you try to rebuild the src.rpm with these options enabled and test whether it works (preferably with SELinux enforcing)?
Works with permissive but not enforcing:

type=1400 audit(1226603307.249:71): avc: denied { read } for pid=6964 comm="unix_chkpwd" name="resolv.conf" dev=sda3 ino=762137 scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=1400 audit(1226588980.506:52): avc: denied { read } for pid=6574 comm="unix_chkpwd" name="shadow" dev=sda3 ino=761329 scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file

Will look at it more next week...
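As an added triage aid (not code from this bug, ipsec-tools or selinux-policy): a small Python parser for AVC denial lines like the two quoted above, which groups them into the allow rules they imply, the way one would read them before reaching for audit2allow, and flags any rule that would hand a daemon domain such as racoon_t direct access to shadow_t. The sample input is constructed from the two denials in the comment plus one invented "open" denial to show permission aggregation; SENSITIVE_TYPES and the suggestion to prefer a domain transition for the password helper over a blanket allow are assumptions, not policy from the page.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the comment above, plus an invented
# third line ("open" on shadow) to show aggregation on the same (src, tgt, class).
SAMPLE_AVC = """\
type=1400 audit(1226603307.249:71): avc: denied { read } for pid=6964 comm="unix_chkpwd" name="resolv.conf" dev=sda3 ino=762137 scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=1400 audit(1226588980.506:52): avc: denied { read } for pid=6574 comm="unix_chkpwd" name="shadow" dev=sda3 ino=761329 scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=1400 audit(1226588980.510:53): avc: denied { open } for pid=6574 comm="unix_chkpwd" name="shadow" dev=sda3 ino=761329 scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

# Fields of an AVC denial we care about: permissions, helper binary, contexts, class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

# Assumption: target types a network daemon's domain should never be granted outright.
SENSITIVE_TYPES = {"shadow_t"}

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def parse_avc(text):
    """Yield (comm, source type, target type, class, {perms}) for each denial line."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record; skip it
        yield (m["comm"], se_type(m["scontext"]), se_type(m["tcontext"]),
               m["tclass"], set(m["perms"].split()))

def summarize(text):
    """Merge denials into {(src, tgt, cls): sorted perms}, one entry per would-be rule."""
    agg = defaultdict(set)
    for _comm, src, tgt, cls, perms in parse_avc(text):
        agg[(src, tgt, cls)] |= perms
    return {key: sorted(perms) for key, perms in agg.items()}

def allow_rule(key, perms):
    """Render the TE allow rule that would silence this denial group."""
    src, tgt, cls = key
    return f"allow {src} {tgt}:{cls} {{ {' '.join(perms)} }};"

def risky(key):
    """True when the rule would expose a sensitive target type to the source domain."""
    return key[1] in SENSITIVE_TYPES

if __name__ == "__main__":
    for key, perms in sorted(summarize(SAMPLE_AVC).items()):
        flag = "  # RISKY: give the helper its own domain instead" if risky(key) else ""
        print(allow_rule(key, perms) + flag)
```

Feed it `ausearch -m avc` output from the enforcing run to see which of the implied rules would widen racoon_t's reach into shadow_t rather than being a harmless net_conf_t read.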
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Enabled in rawhide. It will probably need some selinux policy adjustments though.