sudo with PAM - pam_setcred: Permission denied

Todd C. Miller Todd.Miller at
Sat Jan 19 19:32:19 EST 2002

The problem is that in Linux PAM 0.75 even though the setcred
function succeeds, the return value in this case is still
PAM_PERM_DENIED.  This is because _pam_dispatch_aux() uses a cached
return value which is not going to be set unless pam_authenticate()
is used.  Since sudo doesn't ask for a password every time that
doesn't work too well (and at the moment pam_setcred is done with
a different session as the authentication anyway).

The simplest (and just about only) solutino is to just ignore the
return value of pam_setcred().

 - todd

More information about the sudo-users mailing list