[sudo-users] sudo and PAM and garbage text and sample PAM.
Jeremy C. Reed
reed at reedmedia.net
Thu Feb 3 14:29:03 EST 2005
> I should be prompted for a password, but I am not!
>
> montecristo:~$ cat /etc/pam.d/sudo
> # Begin /etc/pam.d/sudo
> auth sufficient pam_rootok.so
> auth required pam_unix.so
> account required pam_unix.so
> session required pam_unix.so
> # End /etc/pam.d/sudo
> montecristo:~$ sudo id
> uid=0(root) gid=0(root) groups=0(root)
I removed the /var/run/sudo. Then I used:
auth required pam_env.so
auth sufficient pam_unix.so
account required pam_unix.so
password required pam_cracklib.so retry=3 type=
password required pam_unix.so nullok use_authtok md5 shadow
session required pam_limits.so
session required pam_unix.so
(as found in the sample.pam)
And it appears to work.
So I am trying to narrow down what is needed:
auth required pam_env.so
does:
$ sudo id
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
sudo: pam_authenticate: Permission denied
(I remove /var/run/sudo.)
auth required pam_env.so
auth sufficient pam_unix.so
With correct password, this gives garbage text and out-of-order sudo:
contact your system administrator, ...
Next I tried:
auth required pam_env.so
auth sufficient pam_unix.so
account required pam_unix.so
Which appears to work fine. But if password is typed wrong, then it
doesn't prompt again and says:
sudo: pam_authenticate: Permission denied
The following also appears to work with correct password:
auth sufficient pam_unix.so
account required pam_unix.so
But wrong password does not prompt again and says:
sudo: pam_authenticate: Permission denied
Is sudo using PAM supposed to default to prompt for passowrd three times
if password is typed wrong?
Jeremy C. Reed
open source, Unix, *BSD, Linux training
http://www.pugetsoundtechnology.com/
More information about the sudo-users
mailing list