I was finally able to reproduce it here, despite the lack of more
specific instructions.
$ lxc launch noble n-radius --vm
$ lxc shell n-radius
# apt update && apt install libpam-radius-auth
# vim /etc/pam.d/sudo
Add the following line to the file:
auth sufficient pam_radius_auth.so debug
# cat > /etc/pam_radius_auth.conf << _EOF_
127.0.0.1 secret 3
[::1] secret 3
_EOF_
# echo 'GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} ipv6.disable=1"' >>
/etc/default/grub.d/99-disable-ipv6.cfg
# update-grub
# echo "ubuntu ALL=(ALL:ALL) ALL" > /etc/sudoers.d/support
# passwd ubuntu
Choose an easy password here, like "123".
Reboot the machine, and shell in again:
# su - ubuntu
# sudo true
Type the password, and see the crash.
Now, what I found is that this crash is unrelated to this bug. You can
reproduce it using the version of libpam-radius-auth that's currently in
the archive on Noble *and* Oracular. Plucky has a newer version of the
package, which I haven't tested.
I believe this crash deserves its own separate bug report, and should
probably be fixed before addressing this particular bug.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/2068729
Title:
pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not
supported by protocol
Status in libpam-radius-auth package in Ubuntu:
Triaged
Status in shadow package in Ubuntu:
Confirmed
Bug description:
New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure
config states that IPv6 is to be disabled unless it's in use).
lsb_release -rd:
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
apt-cache policy libpam-radius-auth
libpam-radius-auth:
Installed: 2.0.1-1
Candidate: 2.0.1-1
Version table:
*** 2.0.1-1 500
500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
100 /var/lib/dpkg/status
What you expected to happen:
Based on
https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c, the
pam_radius_auth module must support ipv6 and ipv4 options.
/etc/pam.d/sshd:
auth sufficient pam_radius_auth.so conf=/etc/pam_radius_auth.conf
retry=3 ipv4=yes ipv6=no debug
What happened instead:
2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1,
built on Aug 19 2023 at 14:08:42
2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth:
unrecognized option 'ipv4=yes'
2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth:
unrecognized option 'ipv6=no'
2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG:
conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no
skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no
prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0
privilege_level=no
2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got
user name: 'test'
2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed
to open RADIUS IPv6 socket: Address family not supported by protocol
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-radius-auth/+bug/2068729/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
