[Bug 2068729] Re: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol

Wed Jun 12 13:01:14 UTC 2024

Hi Lena,
Thank you for looking into the problem.
>I I created a PPA to test that adding this commit fixes the issue here: https://launchpad.net/~lvoytek/+archive/ubuntu/libpam-radius-auth-ipv4-6-yes-no

I am afraid that I was misunderstood...
As I wrote, github version is working as expected but the upstream is not. 
I've suggested syncing upstream with github (which already respected ipvX arguments)

Here is my previous post:
 Please note that
```git clone https://github.com/FreeRADIUS/pam_radius
cd pam_radius
make deb && dpkg -i ../libpam-radius-auth_2.0.1_amd64.deb
```
is working as expected:
2024-06-07T22:45:13.395293+10:00 ubuntu sshd[1457]: pam_radius_auth: 2.0.1 DEVELOPER BUILD - (git #d802da75), built on Jun 7 2024 at 12:38:28
2024-06-07T22:45:13.395508+10:00 ubuntu sshd[1457]: pam_radius_auth: _pam_parse: argv[0] = 'conf=/etc/pam_radius_auth.conf'
2024-06-07T22:45:13.395585+10:00 ubuntu sshd[1457]: pam_radius_auth: _pam_parse: argv[1] = 'retry=3'
2024-06-07T22:45:13.395642+10:00 ubuntu sshd[1457]: pam_radius_auth: _pam_parse: argv[2] = 'ipv4=yes'
2024-06-07T22:45:13.395709+10:00 ubuntu sshd[1457]: pam_radius_auth: _pam_parse: argv[3] = 'ipv6=no'
2024-06-07T22:45:13.395809+10:00 ubuntu sshd[1457]: pam_radius_auth: _pam_parse: argv[4] = 'debug'
2024-06-07T22:45:13.395968+10:00 ubuntu sshd[1457]: pam_radius_auth: DEBUG: conf='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/2068729

Title:
  pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not
  supported by protocol

Status in libpam-radius-auth package in Ubuntu:
  Triaged
Status in shadow package in Ubuntu:
  New

Bug description:
  New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure
  config states that IPv6 is to be disabled unless it's in use).

  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04 LTS
  Release:        24.04

  apt-cache policy libpam-radius-auth
  libpam-radius-auth:
    Installed: 2.0.1-1
    Candidate: 2.0.1-1
    Version table:
   *** 2.0.1-1 500
          500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
          100 /var/lib/dpkg/status

  What you expected to happen:
  Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c, the pam_radius_auth module must support ipv6 and ipv4 options.

  /etc/pam.d/sshd:
  auth       sufficient   pam_radius_auth.so  conf=/etc/pam_radius_auth.conf retry=3 ipv4=yes ipv6=no debug

  What happened instead:
  2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1, built on Aug 19 2023 at 14:08:42
  2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv4=yes'
  2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv6=no'
  2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG: conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
  2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got user name: 'test'
  2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-radius-auth/+bug/2068729/+subscriptions