[sudo-users] no tty present and no askpass program specified

Gonzalez, Aliep aliep.gonzalez at rbc.com
Tue Nov 1 10:17:46 EDT 2011


Hello list

Environment: sudo 1.7.4p6 on Solaris 10 update 9.

I have an application user (uyqn0001) that logs in to the system in a
non-interactive mode (through a utility called Universal Command) and
tries to execute a command as another user (dspace), as shown below:

/bin/su - dspace -c  cd /u/app/dspace/batch/feeds/monaco ;
./MonacoTradeInactiveDataCleanup.sh

That used to be working fine for years, until the server was upgraded
from Solaris 10 update 7 to update 9. At that point, the job started
failing with:

sudo: [ID 702911 auth.alert] uyqn0001 : no tty present and no askpass
program specified ; TTY=unknown ; PWD=/home/uyqn0001 ; USER=root ;
COMMAND=/bin/su - dspace -c  cd /u/app/dspace/batch/feeds/monaco ;
./MonacoTradeInactiveDataCleanup.sh

Setting "Defaults  visiblepw" in /etc/sudoers seems the suggested
solution for this issue. However, when I do so, sudo throws the below
error:

sudo: [ID 702911 auth.alert] uyqn0001 : pam_authenticate: Conversation
failure ; TTY=unknown ; PWD=/home/uyqn0001 ; USER=root ; COMMAND=/bin/su
- dspace -c  cd /u/app/dspace/batch/feeds/monaco ;
./MonacoTradeInactiveDataCleanup.sh

Has anybody out there seen a similar error before? Below are the
relevant pam.conf entries:

root at usvdspcp1:/usr/lib/security> uname -a
SunOS usvdspcp1 5.10 Generic_142909-17 sun4u sparc SUNW,SPARC-Enterprise
root at usvdspcp1:/usr/lib/security> cat /etc/release
                   Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC
     Copyright (c) 2010, Oracle and/or its affiliates. All rights
reserved.
                            Assembled 11 August 2010
root at usvdspcp1:/usr/lib/security> grep other /etc/pam.conf
other   auth requisite        pam_authtok_get.so.1
other   auth required         pam_dhkeys.so.1
other   auth required         pam_unix_cred.so.1
other   auth binding          pam_unix_auth.so.1 server_policy
other   auth required         pam_ldap.so.1
other   account requisite     pam_roles.so.1
other   account binding       pam_unix_account.so.1 server_policy
other   account required      pam_ldap.so.1
other   session required      pam_unix_session.so.1
other   password required     pam_dhkeys.so.1
other   password requisite    pam_authtok_get.so.1
other   password requisite    pam_authtok_check.so.1
other   password required     pam_authtok_store.so.1 server_policy
root at usvdspcp1:/usr/lib/security> sudo -V|head -1
Sudo version 1.7.4p6
root at usvdspcp1:/usr/lib/security>

I checked all the pam libraries and none of them was changed during the
upgrade.

Thanks in advance,
AG

_______________________________________________________________________

This email may be privileged and/or confidential, and the
sender does not waive any related rights and obligations.
Any distribution, use or copying of this email or the
information it contains by other than an intended recipient
is unauthorized. If you received this email in error,
please advise the sender (by return email or otherwise)
immediately. You have consented to receive the attached
electronically at the above-noted email address; please retain a
copy of this confirmation for future reference.

Ce courriel est confidentiel et protégé. L'expéditeur ne renonce
pas aux droits et obligations qui s'y rapportent. Toute diffusion,
utilisation ou copie de ce courriel ou des renseignements qu'il
contient par une personne autre que le (les) destinataire(s)
désigné(s) est interdite. Si vous recevez ce courriel par erreur,
veuillez en aviser l’expéditeur immédiatement, par retour de courriel
ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s)
ci-joint(s) par voie électronique à l’adresse courriel indiquée ci-dessus;
veuillez conserver une copie de cette confirmation pour les fins de reference future.


More information about the sudo-users mailing list