We have a TCP/UDP service configured with multiple ports in the Ports field, separated by spaces. This is needed for a client application that connects to multiple ports on the target device, depending on user activity. The service worked as expected with PAM 2.8. But it does not work after the upgrade to PAM 3.1.1. It looks like only connections to the first port are successful now, connections to any of the other ports fail.
The problem affects all PAM 3.X releases as of July 2018.
Updates in early PAM 3.X to address other problems with TCP/UDP services in lower releases broke the multi-port service feature discussed here. This is not widely used and was not covered by PAM internal testing.
The problem is fixed in PAM 3.2.2. The next release 3.3, and maintenance release 3.1.3 will include the fix as well.
As a workaround, define multiple services, each with one port, and launch all services from the access page before launching the client application.