[sudo-users] PAM rhost
Michael Ströder
michael at stroeder.com
Sat Feb 29 09:06:55 MST 2020
On 2/29/20 4:15 PM, Todd C. Miller wrote:
> I used to set PAM_RHOST on all PAM systems but on Linux it resulted
> in a DNS lookup via libaudit. I don't know if that is still the
> case. I suppose it could be changed to a sudoers setting.
Are you sure the DNS lookup was done by libaudit?
Sounds a bit like this bug filed four years ago:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1571903
Furthermore there's an option 'log_format' in auditd.conf which seems to
trigger all kinds of name lookups in auditd. But this kind of implies
that such a name lookup is not done in libaudit and thus would not block
the application invoking PAM.
Excerpt from auditd.conf(5):

  log_format
    [..] The ENRICHED option will resolve all uid, gid, syscall,
    architecture, and socket address information before writing the event
    to disk.[..]

Is there a simple way to test that?
Ciao, Michael.