[sudo-users] sudo: uid XXXX does not exist in the passwd file!

rhatuk rhatuk66 at googlemail.com
Wed Jun 13 11:04:27 EDT 2007 

Hi Andreas,
I've the default RHEL4 config for the sudo which, if I'm not wrong, is
fwding the processing to the system-auth pam conf. (please see below)

/etc/pam.d/sudo
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_limits.so

/etc/pam.d/system-auth
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account     [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so
account     required      /lib/security/$ISA/pam_access.so
accessfile=/etc/security/access.netgroup.conf

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok
md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

I do have doubts about the system-auth pam conf, I couldnt find where the
getpwnam function will look for the password database...

Thanks for your help,

C.



On 6/12/07, Andreas Hasenack <ahasenack at terra.com.br> wrote:
>
> On Tue, Jun 12, 2007 at 10:28:40PM +0100, rhatuk wrote:
> > hi chaps,
> > I've a RHEL4 sudo ldap client authenticating against an ldap directory
> > server where I'm currently being able to authenticate and list users
> using
> > getent passwd, groups, etc., with no problem.
> >
> > I've setup some sudo entries on the directory, and run some tests using
> > local users (/etc/passwd users).
> >
> > however, when I try to do the same with an authenticated ldap user, I
> got a
> > "sudo: uid XXX does not exist in the passwd file!"
> >
> > I've check the source code and this seems to be caught when running the
> > "getpwnam()" function; couldnt find documentation about if this function
>
> > ends up using PAM modules to gather info about the passwd database or if
> it
> > just tries to read /etc/passwd.
> >
> > I've strace'd it and can sudo trying to connect to the directory server,
>
> > also when debugging the directory server transactions I see some
> queries,
> > but still can make it work right...
> >
> > any ideas? :)
>
> Is the sudo pam file using pam_ldap as well?
>
> Also, are you using some sort of tls/ssl config?
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>

More information about the sudo-users mailing list