What were you trying to do that didn't work?
pam_access is enabled, with below policy line in /etc/security/access.conf
+:bob:LOCAL
pam_access had been working up to (including) pam-1.5.1-15. The user was able to login, and there was no error message.
After upgrading to pam-1.5.1-19, the user is still able to login, however, below error message appears in /var/log/secure
pam_access(sshd:account): cannot resolve hostname "LOCAL"
Please provide the package NVR for which bug is seen:
Preparing : 1/1 Upgrading : pam-1.5.1-19.el9.x86_64 1/2 Running scriptlet: pam-1.5.1-19.el9.x86_64 1/2 Cleanup : pam-1.5.1-15.el9.x86_64 2/2 Running scriptlet: pam-1.5.1-15.el9.x86_64 2/2 Verifying : pam-1.5.1-19.el9.x86_64 1/2 Verifying : pam-1.5.1-15.el9.x86_64 2/2
How reproducible:
100%
Steps to reproduce
1. Enable pam_access
authselect enable-feature with-pamaccess
2. Add policy line to /etc/security/access.conf
-:bob:LOCAL +:bob:ALL
3. perform ssh login.
ssh bob@127.0.0.1
Expected results
No error message. This is the behaviour prior to upgrade
Actual results
Incorrect error message is printed
pam_access(sshd:account): cannot resolve hostname "LOCAL"
- is caused by
-
RHEL-22300 [RHEL9] Using "pam_access", ssh login fails with this entry in /etc/security/access.conf "+:username:localhost server1.example.com"
- Closed
- links to