Can any user run 'ikeadm token login' ? Or is a specific authorisation needed ? If so what is it ? Same for logout.
I'm particularly interested in the case where the key is actually a users smartcard and the user has no direct root access. In this case I would rather not give them an RBAC profile that allows running ikeadm as uid=0 because then they can do other things to ike. -- Darren J Moffat
