[sudo-users] new sudo error

Todd C. Miller Todd.Miller at courtesan.com
Fri Oct 18 14:34:27 MDT 2013

Unfortunately, the return value of pam_setcred() is completely
useless since with stacked PAM auth modules a failure from one
module may override PAM_SUCCESS from another.  If the first module
in the stack fails, the others may be run (and succeed) but an error
will be returned.  This can cause a spurious warning on systems
with non-local users (e.g. pam_ldap or pam_sss) where pam_unix is
consulted first.

Sudo 1.8.8 ignores errors from pam_setcred() like previous versions

 - todd

More information about the sudo-users mailing list