[sudo-users] Sudo + LDAP + PAM does not work the first time

Tim Browne ordinary_name at hotmail.com
Tue Jun 9 12:39:04 EDT 2009 

hi.  I currently have a multimaster ldap setup   with 3 masters with 3 slaves each.   
sudo is using pam to authenticate.

here is my /etc/pam.d/sudo
auth       required     pam_ldap.so 
account    required     pam_ldap.so
password   required     pam_ldap.so
session    required     pam_limits.so

and common-auth 

# /etc/pam.d/common-auth - authentication settings common to all services
#
# Includes mods for Office LDAP client
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
#auth    sufficient    pam_ldap.so try_first_pass
#auth    required    pam_unix.so nullok_secure try_first_pass
auth    [success=done default=ignore]   pam_unix.so nullok_secure try_first_pass
# If LDAP is unavailable, go to next line.  If authentication via LDAP is successful, skip 1 line.
# If LDAP is available, but authentication is NOT successful, skip 2 lines.
auth    [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
auth    [default=done]  pam_ccreds.so action=validate use_first_pass
auth    [default=done]  pam_ccreds.so action=store
auth    [default=bad]   pam_ccreds.so action=update

something to consider is the auth sufficient and auth required lines commented out  in common-auth  were   uncommented prior to attempting  a cached credentials setup.


anyway my issue:
when logging into a master server  attempting sudo anything  returns to the prompt without performing any action and with no output.    repeating the command  works as intended.    /var/log/sudo.log   registers  both commands as having happened.   if i let the time stamp for sudo expire and try sudo again  it WILL work  after typing my password the first time.   if i sudo -k  and try a command  the first commnad will not complete and show no output.

this is running debian lenny 64 bit.    does anyone have any idea what could be going on?


Thanks
Tim


_________________________________________________________________
Lauren found her dream laptop. Find the PC that’s right for you.
http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290

More information about the sudo-users mailing list