[sudo-users] sudo 1.8.7 on RHEL6: unable to establish credentials: User not known to the underlying authentication module

Michael Ströder michael at stroeder.com
Thu Jul 11 08:06:17 MDT 2013


HI!

I'm trying to upgrade to self-compiled sudo 1.8.7 on RHEL5.6 x86_64 with LDAP
as backend.
We're also using sssd-ldap which correctly works.

Build of RPM package 1.8.7 was done on RHEL5 with this commands:

/configure
  --prefix=/usr \
  --with-ldap \
  --with-pam \
  --with-pam-login \
  --with-editor=/bin/vi \
  --with-env-editor \
  --with-ignore-dot \
  --with-tty-tickets \
  --with-ldap \
  --with-selinux \
  --with-linux-audit \
  --with-passprompt="[sudo] password for %p: "
make && make package

The sudo-ldap configuration seems to be correct since everything works with
version 1.7.2p1 shipped with RHEL5.

It also works with self-compiled 1.8.7 package as expected but there's a
strange message output to console:

------------------- snip -------------------
[myusername at rhel5test ~]$ sudo -i
[..]
[sudo] password for myusername: 
sudo: unable to establish credentials: User not known to the underlying
authentication module
------------------- snip -------------------

In /var/log/secure these message are written:

------------------- snip -------------------
Jul 11 15:54:06 rhel5test sudo: pam_unix(sudo-i:auth): authentication failure;
logname=myusername uid=21400161 euid=0 tty=/dev/pts/1 ruser=myusername rhost= 
user=myusername
Jul 11 15:54:06 rhel5test sudo: pam_sss(sudo-i:auth): authentication success;
logname=myusername uid=21400161 euid=0 tty=/dev/pts/1 ruser=myusername rhost=
user=myusername
Jul 11 15:54:06 rhel5test sudo: myusername : TTY=pts/1 ; PWD=/home/myusername ;
USER=root ; COMMAND=/bin/bash
Jul 11 15:54:06 rhel5test sudo: myusername : unable to establish credentials:
User not known to the underlying authentication module ; TTY=pts/1 ;
PWD=/home/myusername ; USER=root ; COMMAND=/bin/
------------------- snip -------------------

I tried to disable various unneeded session-related config lines in
/etc/pam.d/* but still this message appears.
BTW: Same symptoms after upgrading to sudo 1.8.7 on SLES11SP2 x86_64.

Any clue how to track this down?
Maybe additional build options needed for 64 bit platform?

Many thanks in advance.

Ciao, Michael.




More information about the sudo-users mailing list