[sudo-users] sudo and PAM and garbage text and sample PAM.
Jeremy C. Reed
reed at reedmedia.net
Wed Feb 2 19:02:46 EST 2005
I upgraded sudo on two of my Linux boxes using pkgsrc build system.
This is using pkgsrc packages: sudo-1.6.8pl5nb1 and PAM-0.77nb4.
sudo didn't work due to:
reed at puget:~$ sudo ls
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
I had no chance to type in my password.
My auth.log has:
Feb 2 15:06:05 puget PAM-warn[1152]: function=[pam_sm_authenticate]
service=[sudo] terminal=[ttyp0] user=[reed] ruser=[<unknown>]
rhost=[<unknown>] Feb 2 15:06:05 puget last message repeated 2 times
So I see I need a sudo rule for PAM.
I saw this was in the troubleshooting FAQ also.
So I added a /etc/pam.d/sudo with:
auth required pam_unix.so
like I saw on a Debian Linux 3.0 box.
I did not use the sample.pam because its first suggestion was using some
"stack" module that I don't have.
And now sudo prompted me, but failed:
reed at puget:~$ sudo ls
Password:
sudo: contact your system administrator, ÄÇEüAccount or password is expired
Sorry, try again.
Password:
Notice the strange character codes (\xc4\xc7E\xfc) above.
And auth.log has:
Feb 2 15:12:12 puget sudo(pam_unix)[1173]: authentication failure;
logname= uid=0 euid=0 tty=ttyp0 ruser= rhost= user=reed
So now I just copied my /etc/pam.d/su to sudo and it worked. It has:
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
The garbage characters (shown above) still look like a problem though.
Is that a PAM problem or a sudo problem?
Jeremy C. Reed
open source, Unix, *BSD, Linux training
http://www.pugetsoundtechnology.com/
More information about the sudo-users
mailing list