[sudo-users] sudo and PAM and garbage text and sample PAM.

Jeremy C. Reed reed at reedmedia.net
Wed Feb 2 19:02:46 EST 2005

I upgraded sudo on two of my Linux boxes using pkgsrc build system.

This is using pkgsrc packages: sudo-1.6.8pl5nb1 and PAM-0.77nb4.

sudo didn't work due to:

reed at puget:~$ sudo ls
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

I had no chance to type in my password.

My auth.log has:

Feb  2 15:06:05 puget PAM-warn[1152]: function=[pam_sm_authenticate]
service=[sudo] terminal=[ttyp0] user=[reed] ruser=[<unknown>]
rhost=[<unknown>] Feb  2 15:06:05 puget last message repeated 2 times

So I see I need a sudo rule for PAM.

I saw this was in the troubleshooting FAQ also.

So I added a /etc/pam.d/sudo with:

auth    required        pam_unix.so

like I saw on a Debian Linux 3.0 box.

I did not use the sample.pam because its first suggestion was using some
"stack" module that I don't have.

And now sudo prompted me, but failed:

 reed at puget:~$ sudo ls
 sudo: contact your system administrator, ÄÇEüAccount or password is  expired
 Sorry, try again.

Notice the strange character codes (\xc4\xc7E\xfc) above.

And auth.log has:

Feb  2 15:12:12 puget sudo(pam_unix)[1173]: authentication failure;
logname= uid=0 euid=0 tty=ttyp0 ruser= rhost=  user=reed

So now I just copied my /etc/pam.d/su to sudo and it worked. It has:

auth    sufficient      pam_rootok.so
auth    required        pam_unix.so
account required        pam_unix.so
session required        pam_unix.so

The garbage characters (shown above) still look like a problem though.
Is that a PAM problem or a sudo problem?

 Jeremy C. Reed

 	  	 	 open source, Unix, *BSD, Linux training

More information about the sudo-users mailing list