I'm seeing this issue as well, but only on my Ubuntu 20.04/22.04 boxes. My EL8/9 boxes with the same access.conf setup are not seeing this issue.
Logs from pam_access in debug mode on an Ubuntu 20.04 box given below, but my 22.04 systems do the same thing. My EL8/9 system logs look the same sans the 'cannot resolve hostname "LOCAL"' error message.

Seems to be related to these 2 bugs:
https://github.com/linux-pam/linux-pam/issues/834
https://github.com/linux-pam/linux-pam/issues/711

The EL8 PAM package includes these patches to resolve this issue:
https://github.com/linux-pam/linux-pam/commit/08992030c56c940c0707ccbc442b1c325aa01e6d
https://github.com/linux-pam/linux-pam/commit/ecaaf4456e5aeacae1acdb1775bb5aadd3b19e13
https://github.com/linux-pam/linux-pam/commit/641dfd1084508c63f3590e93a35b80ffc50774e5
https://github.com/linux-pam/linux-pam/commit/4ba3105511c3a55fc750a790f7310c6d7ebfdfda
https://github.com/linux-pam/linux-pam/commit/940747f88c16e029b69a74e80a2e94f65cb3e628

access.conf:
+ : root : LOCAL
+ : sudo : LOCAL
+ : agroup : 192.168.0.0/16
+ : agroup2 : 192.168.100.0/24
- : ALL : ALL EXCEPT LOCAL

pam_access.so debug:
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): login_access: user=auser, from=192.168.19.2, file=/etc/security/access.conf
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): line 1: + : root : LOCAL
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): list_match: list= root , item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): user_match: tok=root, item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): string_match: tok=root, item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): user_match=0, "auser"
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): line 2: + : sudo : LOCAL
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): list_match: list= sudo , item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): user_match: tok=sudo, item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): string_match: tok=sudo, item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): user_match=1, "auser"
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): list_match: list= LOCAL, item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): from_match: tok=LOCAL, item=192.168.19.2
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): string_match: tok=LOCAL, item=192.168.19.2
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): network_netmask_match: tok=LOCAL, item=192.168.19.2
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): cannot resolve hostname "LOCAL"
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): from_match=0, "192.168.19.2"
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): line 3: + : agroup : 192.168.0.0/16
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): list_match: list= agroup , item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): user_match: tok=agroup, item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): string_match: tok=agroup, item=auser
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): user_match=1, "auser"
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): list_match: list= 192.168.0.0/16
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): from_match: tok=192.168.0.0/16, item=192.168.19.2
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): string_match: tok=192.168.0.0/16, item=192.168.19.2
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): network_netmask_match: tok=192.168.0.0/16, item=192.168.19.2
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): from_match=1, "192.168.19.2"

** Bug watch added: github.com/linux-pam/linux-pam/issues #834
   https://github.com/linux-pam/linux-pam/issues/834

** Bug watch added: github.com/linux-pam/linux-pam/issues #711
   https://github.com/linux-pam/linux-pam/issues/711

--
https://bugs.launchpad.net/bugs/2046526

Title: pam_access Configuration Treats TTY Names as Hostnames
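Added example, not part of the bug report or of linux-pam: a log check that finds hosts showing the behaviour in the debug output above, where pam_access hands an access.conf keyword or a TTY name to hostname resolution. The function names and the TTY-name pattern are assumptions; the first three sample lines are taken from the log above and the rest are constructed.

```python
import re

# Syslog lines written by pam_access when its "debug" option is set.
LINE_RE = re.compile(r"(\S+)\[(\d+)\]: pam_access\(([^)]*)\): (.*)$")
RULE_RE = re.compile(r"line (\d+): (.*)$")
UNRESOLVED_RE = re.compile(r'cannot resolve hostname "([^"]*)"$')
# access.conf origin keywords that must never reach the resolver.
KEYWORDS = {"LOCAL", "ALL"}
# Assumption: heuristic for TTY-style origins (tty1, pts/0, :0).
TTY_LIKE = re.compile(r"(tty\w*|pts/\d+|:\d+)$")

def classify(token):
    """Return why a token is not a hostname, or None if it may be one."""
    if token.upper() in KEYWORDS:
        return "keyword"
    return "tty" if TTY_LIKE.match(token) else None

def find_misresolved(log_text):
    """List failed lookups of non-hostname tokens with the rule being evaluated."""
    current_rule = {}  # (process, pid) -> (rule number, rule text)
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        proc, pid, service, msg = m.groups()
        rule = RULE_RE.match(msg)
        if rule:
            current_rule[(proc, pid)] = (int(rule.group(1)), rule.group(2).strip())
            continue
        failed = UNRESOLVED_RE.match(msg)
        kind = classify(failed.group(1)) if failed else None
        if kind:
            num, text = current_rule.get((proc, pid), (None, None))
            findings.append({"pid": int(pid), "service": service, "rule_line": num,
                             "rule": text, "token": failed.group(1), "kind": kind})
    return findings

# First three lines come from the report's log; the other four are constructed.
SAMPLE_LOG = """\
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): line 2: + : sudo : LOCAL
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): network_netmask_match: tok=LOCAL, item=192.168.19.2
Feb 14 12:00:29 anotherserver sshd[3443]: pam_access(sshd:auth): cannot resolve hostname "LOCAL"
Feb 14 12:01:02 anotherserver sshd[3501]: pam_access(sshd:auth): line 1: + : root : tty1
Feb 14 12:01:02 anotherserver sshd[3501]: pam_access(sshd:auth): cannot resolve hostname "tty1"
Feb 14 12:01:07 anotherserver sshd[3502]: pam_access(sshd:auth): line 4: + : ops : bastion.example
Feb 14 12:01:07 anotherserver sshd[3502]: pam_access(sshd:auth): cannot resolve hostname "bastion.example"
"""

if __name__ == "__main__":
    print(*find_misresolved(SAMPLE_LOG), sep="\n")
```

A failed lookup of a real hostname (the `bastion.example` line) is not reported, since that is ordinary resolver failure rather than the keyword or TTY handling discussed in this bug.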
