[sudo-users] SHA512 Passwords on Solaris Seems to Break Sudo Authentication in 1.8.11 to 1.8.12
David.Cress at globalpay.com
David.Cress at globalpay.com
Wed Mar 4 07:52:16 MST 2015
I recently upgraded my Solaris 10 SPARC systems from Sudo 1.8.10p2 to 1.8.11p2 and anywhere I was using SHA512 passwords, sudo stopped authenticating. All I get is:
bash-3.2$ sudo su -
Password:
Sorry, try again.
Password:
So I down loaded 1.8.12, compiled and still breaks. Tried 1.8.11 and "Sorry, try again.". I did another compile using just ./configure of both 1.8.11 and 1.8.12 and it stills fails to authenticate if the user has an SHA512 password.
Went back to 1.8.10.p3 and it works. I've built a new package around 1.8.10p3 and will downgrade all my servers to that for now.
All other password encryption types seem to work fine. I have no Solaris 10 x86 or Solaris 11 systems to test on.
My configure statement for all versions:
./configure --enable-pie --with-project --without-lecture --with-pam \
--with-logging=syslog --with-logfac=auth --with-goodpri=info \
--with-badpri=warning --with-ignore-dot --without-sendmail --with-umask=022 \
--with-tty-tickets --with-man --enable-zlib=builtin
---
David Cress
Senior UNIX Engineer
Desk: 9-8435 (770 829-8435)
What exists, exists; what is, is; and from this irreducible bedrock principle, all knowledge is built.
More information about the sudo-users
mailing list