2024-06-07 12:50:23 |
Real Ursus |
description |
New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure config states that IPv6 is to be disabled unless it's in use).
lsb_release -rd:
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
apt-cache policy libpam-radius-auth
libpam-radius-auth:
Installed: 2.0.1-1
Candidate: 2.0.1-1
Version table:
*** 2.0.1-1 500
500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
100 /var/lib/dpkg/status
What you expected to happen:
Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c module must support ipv6 and ipv4 options.
/etc/pam.d/sshd:
auth sufficient pam_radius_auth.so conf=/etc/pam_radius_auth.conf retry=3 ipv4=yes ipv6=no debug
What happened instead:
2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1, built on Aug 19 2023 at 14:08:42
2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv4=yes'
2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv6=no'
2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG: conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got user name: 'test'
2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol |
New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure config states that IPv6 is to be disabled unless it's in use).
lsb_release -rd:
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
apt-cache policy libpam-radius-auth
libpam-radius-auth:
Installed: 2.0.1-1
Candidate: 2.0.1-1
Version table:
*** 2.0.1-1 500
500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
100 /var/lib/dpkg/status
What you expected to happen:
Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c, the pam_radius_auth module must support ipv6 and ipv4 options.
/etc/pam.d/sshd:
auth sufficient pam_radius_auth.so conf=/etc/pam_radius_auth.conf retry=3 ipv4=yes ipv6=no debug
What happened instead:
2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1, built on Aug 19 2023 at 14:08:42
2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv4=yes'
2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv6=no'
2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG: conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got user name: 'test'
2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol |
|