[sudo-users] PAM rhost
michael at stroeder.com
Sat Feb 29 09:06:55 MST 2020
On 2/29/20 4:15 PM, Todd C. Miller wrote:
> I used to set PAM_RHOST on all PAM systems but on Linux it resulted
> in a DNS lookup via libaudit. I don't know if that is still the
> case. I suppose it could be changed to a sudoers setting.
Are you sure the DNS lookup was done by libaudit?
Sounds a bit like this bug filed four years ago:
Furthermore, there's an option 'log_format' in auditd.conf which seems to
trigger all kinds of name lookups in auditd. But this kind of implies
that such a name lookup is not done in libaudit and thus would not block
the application invoking PAM.
Excerpt from auditd.conf(5):
[..] The ENRICHED option will resolve all uid, gid, syscall,
architecture, and socket address information before writing the event
Is there a simple way to test that?