Mailinglist Archive: opensuse-bugs (4247 mails)

[Bug 1019866] pam_access.so is not supporting a keywords like LOCAL (man access.conf)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 17 Jan 2017 23:06:29 +0000
  • Message-id: <bug-1019866-21960-vwX2HsCPvh@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1019866
http://bugzilla.opensuse.org/show_bug.cgi?id=1019866#c2

Daniel Pecka <nettezzaumanaa@xxxxxxxxx> changed:

What  | Removed                             | Added
----------------------------------------------------------------------------
Flags | needinfo?(nettezzaumanaa@gmail.com) |

--- Comment #2 from Daniel Pecka <nettezzaumanaa@xxxxxxxxx> ---
hello josef,

don't take it personally but you obviously didn't follow how-to-reproduce steps
very closely since it could be reproduced everywhere :), but anyhow

with LOCAL:

2017-01-17T23:59:30.253893+01:00 head22 sshd[10791]: pam_access(sshd:account):
login_access: user=root, from=::1, file=/etc/security/access.conf
2017-01-17T23:59:30.274468+01:00 head22 sshd[10791]: pam_access(sshd:account):
line 125: - : root : ALL EXCEPT LOCAL
2017-01-17T23:59:30.274579+01:00 head22 sshd[10791]: pam_access(sshd:account):
list_match: list=root, item=root
2017-01-17T23:59:30.274643+01:00 head22 sshd[10791]: pam_access(sshd:account):
user_match: tok=root, item=root
2017-01-17T23:59:30.274711+01:00 head22 sshd[10791]: pam_access(sshd:account):
string_match: tok=root, item=root
2017-01-17T23:59:30.274782+01:00 head22 sshd[10791]: pam_access(sshd:account):
user_match=1, "root"
2017-01-17T23:59:30.274847+01:00 head22 sshd[10791]: pam_access(sshd:account):
list_match: list=ALL EXCEPT LOCAL, item=root
2017-01-17T23:59:30.274915+01:00 head22 sshd[10791]: pam_access(sshd:account):
from_match: tok=ALL, item=::1
2017-01-17T23:59:30.274979+01:00 head22 sshd[10791]: pam_access(sshd:account):
string_match: tok=ALL, item=::1
2017-01-17T23:59:30.275043+01:00 head22 sshd[10791]: pam_access(sshd:account):
from_match: tok=LOCAL, item=::1
2017-01-17T23:59:30.275109+01:00 head22 sshd[10791]: pam_access(sshd:account):
string_match: tok=LOCAL, item=::1
2017-01-17T23:59:30.275173+01:00 head22 sshd[10791]: pam_access(sshd:account):
network_netmask_match: tok=LOCAL, item=::1
2017-01-17T23:59:30.275237+01:00 head22 sshd[10791]: pam_access(sshd:account):
from_match=1, "::1"
2017-01-17T23:59:30.275305+01:00 head22 sshd[10791]: pam_access(sshd:account):
access denied for user `root' from `::1'
2017-01-17T23:59:30.275384+01:00 head22 sshd[10791]: fatal: Access denied for
user root by PAM account configuration [preauth]

# host ::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa domain
name pointer localhost.

with localhost

2017-01-18T00:03:15.940335+01:00 head22 sshd[10847]: pam_access(sshd:account):
login_access: user=root, from=::1, file=/etc/security/access.conf
2017-01-18T00:03:15.940805+01:00 head22 sshd[10847]: pam_access(sshd:account):
line 125: - : root : ALL EXCEPT localhost
2017-01-18T00:03:15.940993+01:00 head22 sshd[10847]: pam_access(sshd:account):
list_match: list=root, item=root
2017-01-18T00:03:15.941191+01:00 head22 sshd[10847]: pam_access(sshd:account):
user_match: tok=root, item=root
2017-01-18T00:03:15.941375+01:00 head22 sshd[10847]: pam_access(sshd:account):
string_match: tok=root, item=root
2017-01-18T00:03:15.941693+01:00 head22 sshd[10847]: pam_access(sshd:account):
user_match=1, "root"
2017-01-18T00:03:15.941895+01:00 head22 sshd[10847]: pam_access(sshd:account):
list_match: list=ALL EXCEPT localhost, item=root
2017-01-18T00:03:15.942059+01:00 head22 sshd[10847]: pam_access(sshd:account):
from_match: tok=ALL, item=::1
2017-01-18T00:03:15.942215+01:00 head22 sshd[10847]: pam_access(sshd:account):
string_match: tok=ALL, item=::1
2017-01-18T00:03:15.942370+01:00 head22 sshd[10847]: pam_access(sshd:account):
from_match: tok=localhost, item=::1
2017-01-18T00:03:15.942479+01:00 head22 sshd[10847]: pam_access(sshd:account):
string_match: tok=localhost, item=::1
2017-01-18T00:03:15.942553+01:00 head22 sshd[10847]: pam_access(sshd:account):
network_netmask_match: tok=localhost, item=::1
2017-01-18T00:03:15.942616+01:00 head22 sshd[10847]: pam_access(sshd:account):
from_match=1, "::1"
2017-01-18T00:03:15.942681+01:00 head22 sshd[10847]: pam_access(sshd:account):
access denied for user `root' from `::1'
2017-01-18T00:03:15.942752+01:00 head22 sshd[10847]: fatal: Access denied for
user root by PAM account configuration [preauth]

with ssh -4 ....

2017-01-18T00:04:19.568540+01:00 head22 sshd[10852]: pam_access(sshd:account):
login_access: user=root, from=127.0.0.1, file=/etc/security/access.conf
2017-01-18T00:04:19.569063+01:00 head22 sshd[10852]: pam_access(sshd:account):
line 125: - : root : ALL EXCEPT localhost
2017-01-18T00:04:19.569257+01:00 head22 sshd[10852]: pam_access(sshd:account):
list_match: list=root, item=root
2017-01-18T00:04:19.569441+01:00 head22 sshd[10852]: pam_access(sshd:account):
user_match: tok=root, item=root
2017-01-18T00:04:19.569621+01:00 head22 sshd[10852]: pam_access(sshd:account):
string_match: tok=root, item=root
2017-01-18T00:04:19.569837+01:00 head22 sshd[10852]: pam_access(sshd:account):
user_match=1, "root"
2017-01-18T00:04:19.570022+01:00 head22 sshd[10852]: pam_access(sshd:account):
list_match: list=ALL EXCEPT localhost, item=root
2017-01-18T00:04:19.570185+01:00 head22 sshd[10852]: pam_access(sshd:account):
from_match: tok=ALL, item=127.0.0.1
2017-01-18T00:04:19.570357+01:00 head22 sshd[10852]: pam_access(sshd:account):
string_match: tok=ALL, item=127.0.0.1
2017-01-18T00:04:19.570557+01:00 head22 sshd[10852]: pam_access(sshd:account):
from_match: tok=localhost, item=127.0.0.1
2017-01-18T00:04:19.570634+01:00 head22 sshd[10852]: pam_access(sshd:account):
string_match: tok=localhost, item=127.0.0.1
2017-01-18T00:04:19.570701+01:00 head22 sshd[10852]: pam_access(sshd:account):
network_netmask_match: tok=localhost, item=127.0.0.1
2017-01-18T00:04:19.570766+01:00 head22 sshd[10852]: pam_access(sshd:account):
from_match=1, "127.0.0.1"
2017-01-18T00:04:19.570830+01:00 head22 sshd[10852]: pam_access(sshd:account):
access denied for user `root' from `127.0.0.1'
2017-01-18T00:04:19.570903+01:00 head22 sshd[10852]: fatal: Access denied for
user root by PAM account configuration [preauth]

# cat /etc/hosts
#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server.
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#

127.0.0.1 localhost

# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback

fe00::0 ipv6-localnet

ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts

^^ /etc/hosts is untouched

regards, daniel
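
Added example (not part of the original message and not pam_access code): a Python script that rejoins mail-wrapped pam_access debug records like those above, groups them by sshd PID, and flags a loopback source that was denied by a rule exempting LOCAL or localhost. The sample trace, the host name host1, the PIDs, the address 192.0.2.7 and the names unwrap/summarize are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the page's log format (records wrapped by the mailer).
SAMPLE = """\
2017-01-17T23:59:30.253893+01:00 host1 sshd[4242]: pam_access(sshd:account):
login_access: user=root, from=::1, file=/etc/security/access.conf
2017-01-17T23:59:30.274468+01:00 host1 sshd[4242]: pam_access(sshd:account):
line 125: - : root : ALL EXCEPT LOCAL
2017-01-17T23:59:30.275305+01:00 host1 sshd[4242]: pam_access(sshd:account):
access denied for user `root' from `::1'
2017-01-17T23:59:31.100000+01:00 host1 sshd[4243]: pam_access(sshd:account):
login_access: user=root, from=192.0.2.7, file=/etc/security/access.conf
2017-01-17T23:59:31.100100+01:00 host1 sshd[4243]: pam_access(sshd:account):
line 125: - : root : ALL EXCEPT LOCAL
2017-01-17T23:59:31.100200+01:00 host1 sshd[4243]: pam_access(sshd:account):
access denied for user `root' from `192.0.2.7'
"""
STAMP = re.compile(r"^\d{4}-\d\d-\d\dT\S+ \S+ \S+\[(\d+)\]: (.*)$")
EXEMPT = re.compile(r"EXCEPT\b.*\b(LOCAL|localhost)\b")  # rule exempts local origins

def unwrap(text):  # rejoin wrapped continuation lines onto their record
    records = []
    for line in text.splitlines():
        if (m := STAMP.match(line)):
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def summarize(text):
    """Per sshd PID: source, rule, denied; review = loopback denied despite exemption."""
    out = {}
    for pid, body in unwrap(text):
        if not (m := re.match(r"pam_access\(\S+\): (.*)", body)):
            continue  # other sshd records, e.g. the closing "fatal:" line
        msg, s = m.group(1), out.setdefault(pid, {"pid": pid, "rule": "", "denied": False})
        if (r := re.match(r"login_access: user=(\S+), from=(\S+),", msg)):
            s["user"], s["source"] = r.groups()
        elif (r := re.match(r"line \d+: (.*)", msg)):
            s["rule"] = r.group(1)  # last rule logged before the verdict wins
        elif msg.startswith("access denied"):
            s["denied"] = True
    for s in out.values():
        try:
            loop = ipaddress.ip_address(s.get("source", "")).is_loopback
        except ValueError:
            loop = False  # hostname or tty name rather than an address
        s["review"] = s["denied"] and loop and bool(EXEMPT.search(s["rule"]))
    return list(out.values())
```

Calling summarize() on a saved trace returns one summary per login attempt; entries with review set are the ones where the configured exemption did not take effect for a loopback connection.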
