[sudo-users] SHA512 Passwords on Solaris Seems to Break Sudo Authentication in 1.8.11 to 1.8.12

David.Cress at globalpay.com David.Cress at globalpay.com
Wed Mar 4 07:52:16 MST 2015

I recently upgraded my Solaris 10 SPARC systems from Sudo 1.8.10p2 to 1.8.11p2 and anywhere I was using SHA512 passwords, sudo stopped authenticating.  All I get is:

bash-3.2$ sudo su -


Sorry, try again.


So I down loaded 1.8.12, compiled and still breaks. Tried 1.8.11 and "Sorry, try again.".  I did another compile using just ./configure of both 1.8.11 and 1.8.12 and it stills fails to authenticate if the user has an SHA512 password.

Went back to 1.8.10.p3 and it works.  I've built a new package around 1.8.10p3 and will downgrade all my servers to that for now.

All other password encryption types seem to work fine.  I have no Solaris 10 x86 or Solaris 11 systems to test on.

My configure statement for all versions:

./configure --enable-pie --with-project --without-lecture --with-pam \

--with-logging=syslog --with-logfac=auth --with-goodpri=info \

--with-badpri=warning --with-ignore-dot --without-sendmail --with-umask=022 \

--with-tty-tickets --with-man --enable-zlib=builtin


David Cress

Senior UNIX Engineer

Desk: 9-8435 (770 829-8435)

What exists, exists; what is, is; and from this irreducible bedrock principle, all knowledge is built.

More information about the sudo-users mailing list