[sudo-users] SHA512 Passwords on Solaris Seems to Break Sudo Authentication in 1.8.11 to 1.8.12
David.Cress at globalpay.com
Thu Mar 5 09:23:01 MST 2015
Per your instructions about disabling the Solaris SHA2 library:
ac_cv_header_sha2_h=no ./configure --with-project --without-lecture --with-pam --with-logging=syslog --with-logfac=auth --with-goodpri=info --with-badpri=warning --with-ignore-dot --without-sendmail --with-umask=022 --with-tty-tickets --with-man --enable-zlib=builtin
g3nllsjs003# sudo -V
Sudo version 1.8.11
Configure options: --with-project --without-lecture --with-pam --with-logging=syslog --with-logfac=auth --with-goodpri=info --with-badpri=warning --with-ignore-dot --without-sendmail --with-umask=022 --with-tty-tickets --with-man --enable-zlib=builtin
Sudoers policy plugin version 1.8.11
Sudoers file grammar version 43
Password:
Last login: Thu Mar 5 11:19:37 2015 from 172.30.246.213
Oracle Corporation SunOS 5.10 Generic Patch January 2005
-bash-3.2$ sudo su -
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
sudo: 2 incorrect password attempts
-bash-3.2$
---
David Cress
Senior UNIX Engineer
Desk: 9-8435 (770 829-8435)
Cell: 678 768-4665
What exists, exists; what is, is; and from this irreducible bedrock principle, all knowledge is built.
-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: Thursday, March 05, 2015 11:08 AM
To: Cress, David # ATLANTA
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] SHA512 Passwords on Solaris Seems to Break Sudo Authentication in 1.8.11 to 1.8.12
Starting with sudo 1.8.11, sudo will use the sha2 functions in the Solaris C library instead of its own. You can force configure to ignore the sha2 in libc by doing:
$ ac_cv_header_sha2_h=no ./configure ...
Unfortunately, I no longer have a working SPARC machine and Solaris on Intel doesn't exhibit the problem.
- todd