sudo broken
Andrzej Zawadzki
zawadaa at wp.pl
Tue Sep 21 23:13:16 CEST 2004
Arkadiusz Miskiewicz wrote:
> Latest sudo (sudo-1.6.8p1-1 from ftp) seems broken:
>
> [arekm at mobarm ~]$ sudo bash
> Password:
> Take a stress pill and think things over.
> Password:
> sudo: contact your system administrator, Account or password is expired
> I feel much better now.
> Password:
>
> [root at mobarm arekm]# chage -l arekm
> Minimum: 0
> Maximum: 99999
> Warning: 5
> Inactive: -1
> Last Change: wrz 19, 2004
> Password Expires: Never
> Password Inactive: Never
> Account Expires: Never
>
> Does it happen for anyone else?
Ok. After some research I found this:
sudo.CHANGES
547) Updated sample.pam to a current version.
Why? Because sudo now can check validiti pam_acct_mgmt calls.
So our /etc/pam.d/sudo has to be (?) like:
auth required pam_env.so
auth sufficient pam_unix.so
account required pam_unix.so
password required pam_cracklib.so retry=3 type=
password required pam_unix.so nullok use_authtok md5 shadow
session required pam_limits.so
session required pam_unix.so
now is:
auth required pam_unix.so shadow
session optional pam_xauth.so
but to work we only need to add to our sudo line:
account required pam_unix.so
What is the more proper version?
Some PAM expert is needed!!!
ps. sudo.pamd has to be fixd to above!
--
Andrzej Zawadzki
More information about the pld-devel-en
mailing list