[sudo-users] sudo 1.8.7 on RHEL6: unable to establish credentials: User not known to the underlying authentication module
Todd C. Miller
Todd.Miller at courtesan.com
Thu Jul 11 09:13:27 MDT 2013
On Thu, 11 Jul 2013 16:06:17 +0200, "Michael =?UTF-8?B?U3Ryw7ZkZXI=?=" wrote:
> [myusername at rhel5test ~]$ sudo -i
> [..]
> [sudo] password for myusername:
> sudo: unable to establish credentials: User not known to the underlying
> authentication module
This is due to a pam_setcred() failure. Older versions of sudo did
not check the return value due to bugs in old versions of Linux
PAM.
The following patch reverts to the pre-1.8.7 behavior.
- todd
diff -r 4a0af6f12765 plugins/sudoers/auth/pam.c
--- a/plugins/sudoers/auth/pam.c Tue Jul 09 10:35:26 2013 -0600
+++ b/plugins/sudoers/auth/pam.c Thu Jul 11 09:12:27 2013 -0600
@@ -238,15 +238,7 @@
* this is not set and so pam_setcred() returns PAM_PERM_DENIED.
* We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
*/
- status = pam_setcred(pamh, PAM_ESTABLISH_CRED);
- if (status == PAM_SUCCESS) {
- sudo_pam_cred_established = true;
- } else if (sudo_pam_authenticated) {
- const char *s = pam_strerror(pamh, status);
- if (s != NULL)
- log_warning(NO_MAIL, N_("unable to establish credentials: %s"), s);
- goto done;
- }
+ (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
#ifdef HAVE_PAM_GETENVLIST
/*
More information about the sudo-users
mailing list