[sudo-users] new sudo error
Todd C. Miller
Todd.Miller at courtesan.com
Fri Oct 18 14:34:27 MDT 2013
Unfortunately, the return value of pam_setcred() is completely
useless since with stacked PAM auth modules a failure from one
module may override PAM_SUCCESS from another. If the first module
in the stack fails, the others may be run (and succeed) but an error
will be returned. This can cause a spurious warning on systems
with non-local users (e.g. pam_ldap or pam_sss) where pam_unix is
consulted first.
Sudo 1.8.8 ignores errors from pam_setcred() like previous versions
did.
- todd
More information about the sudo-users
mailing list