The following TERMINAL rules have been configured:
editres TERMINAL ('10.10.10.10') audit(FAILURE) defaccess(NONE) owner('nobody')
authorize TERMINAL ('10.10.10.10') access(READ) uid('testuser')
However, when testuser runs SSH from 10.10.10.10 to the PIM Endpoint, the login prompt appears, but after the correct password is entered the connection is closed.
Note: 10.10.10.15 is the IP address of the PIM Endpoint server.
The audit log shows:
01 Mar 2022 05:34:34 D LOGIN testuser 69 2 test.broadcom.com SSH
seaudit -t for code 69 shows:
69 No Step that allowed access
There is a duplicate TERMINAL rule keyed by the Fully Qualified Host Name (FQHN); for example, the FQHN of 10.10.10.10 is test.broadcom.com. The following duplicate TERMINAL rules with the FQHN exist:
editres TERMINAL ('test.broadcom.com') audit(FAILURE) defaccess(NONE) owner('nobody')
authorize TERMINAL ('test.broadcom.com') access(READ) uid('imadmin')
Notice that there is no authorize TERMINAL rule for 'testuser' in the FQHN TERMINAL rule above, so testuser falls back to defaccess(NONE) there.
Release : 12.8.x
Component : CA ControlMinder - Unix
Although the first TERMINAL rule, keyed by IP address, allows testuser to log in, the duplicate TERMINAL rule keyed by FQHN grants testuser no access at all (defaccess is NONE and there is no authorize entry for the user).
Because of this duplicate TERMINAL rule, PIM denies the login, and the audit reason code 69 ("No Step that allowed access") is recorded.
You can consolidate the TERMINAL rules into one: remove the TERMINAL rule keyed by IP address and add 'testuser' to the TERMINAL rule keyed by FQHN:
AC> auth terminal test.broadcom.com uid(testuser) access(read)
It does not matter whether you use the IP address or the FQHN, as long as the OS can resolve it; what matters is that each host is defined under only one name, so that a second TERMINAL record cannot deny what the first one allows.
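As an added example (not part of the original article or of the CA ControlMinder product), the script below audits a selang rule dump for exactly this problem: it parses editres/authorize TERMINAL lines, resolves every TERMINAL name to an address, reports hosts that are defined under more than one name, and evaluates a user's login from a host against every record that aliases it. The resolver map, the rule text and the evaluation model (a login is checked against each aliasing record, and a record that grants the user nothing denies it, which matches the symptom described above) are assumptions made for the example; in production the resolver would be socket.gethostbyname and the rules would come from the endpoint's rule dump.

```python
"""Audit selang TERMINAL rules for duplicate records that alias one host."""
import re
from collections import defaultdict

# Constructed resolver map standing in for DNS (assumption for this example).
RESOLVER = {"test.broadcom.com": "10.10.10.10", "10.10.10.10": "10.10.10.10"}

# Rules as described in the article (constructed sample input).
DUPLICATE_RULES = """
editres TERMINAL ('10.10.10.10') audit(FAILURE) defaccess(NONE) owner('nobody')
authorize TERMINAL ('10.10.10.10') access(READ) uid('testuser')
editres TERMINAL ('test.broadcom.com') audit(FAILURE) defaccess(NONE) owner('nobody')
authorize TERMINAL ('test.broadcom.com') access(READ) uid('imadmin')
"""

# Consolidated rules after the fix (constructed sample input).
FIXED_RULES = """
editres TERMINAL ('test.broadcom.com') audit(FAILURE) defaccess(NONE) owner('nobody')
authorize TERMINAL ('test.broadcom.com') access(READ) uid('imadmin')
auth terminal test.broadcom.com uid(testuser) access(read)
"""

_RULE = re.compile(
    r"^(editres|newres|authorize|auth|er|nr)\s+TERMINAL\s+(?:\('([^']+)'\)|(\S+))(.*)$",
    re.I,
)
DENY = {None, "NONE"}  # access values that do not permit a login


def parse_rules(text):
    """Return {terminal_name: {"defaccess": str|None, "users": {uid: access}}}."""
    records = defaultdict(lambda: {"defaccess": None, "users": {}})
    for line in text.splitlines():
        m = _RULE.match(line.strip())
        if not m:
            continue
        verb, name, rest = m.group(1).lower(), m.group(2) or m.group(3), m.group(4)
        rec = records[name]
        if verb in ("editres", "newres", "er", "nr"):
            d = re.search(r"defaccess\((\w+)\)", rest, re.I)
            if d:
                rec["defaccess"] = d.group(1).upper()
        else:  # authorize / auth: accept both uid('x') and uid(x) forms
            a = re.search(r"access\((\w+)\)", rest, re.I)
            u = re.search(r"uid\(\s*'?([^')\s]+)'?\s*\)", rest, re.I)
            if u:
                rec["users"][u.group(1)] = a.group(1).upper() if a else None
    return dict(records)


def find_aliases(records, resolve):
    """Return {ip: [names]} for every host defined under more than one TERMINAL name."""
    by_ip = defaultdict(list)
    for name in records:
        by_ip[resolve(name) or name].append(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


def check_login(records, resolve, user, from_host):
    """Evaluate a login by `user` from `from_host` against every aliasing record.

    Returns (allowed, {record_name: access that record gives the user}).
    Assumption: every record naming the host is consulted and any record that
    yields NONE (or has no matching entry) denies the login; no matching record
    at all is treated as a denial as well.
    """
    host_ip = resolve(from_host) or from_host
    detail = {}
    for name, rec in records.items():
        if (resolve(name) or name) != host_ip:
            continue
        detail[name] = rec["users"].get(user) or rec["defaccess"]
    allowed = bool(detail) and all(acc not in DENY for acc in detail.values())
    return allowed, detail


if __name__ == "__main__":
    recs = parse_rules(DUPLICATE_RULES)
    print("aliases:", find_aliases(recs, RESOLVER.get))
    for user in ("testuser", "imadmin"):
        print(user, check_login(recs, RESOLVER.get, user, "10.10.10.10"))
```

Run against the duplicate rule set, the report shows 10.10.10.10 defined twice and both testuser and imadmin denied, because each user is authorized in only one of the two records; against the consolidated rule set no aliases remain and both users are allowed.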