[sudo-users] SHA512 Passwords on Solaris Seems to Break Sudo Authentication in 1.8.11 to 1.8.12

Todd C. Miller Todd.Miller at courtesan.com
Thu Mar 5 12:22:25 MST 2015


I've finally gotten to the bottom of this.  The problem is that
sudo uses its own sha2 functions on Solaris 10 because the system
version doesn't include SHA224 support (it was added in Solaris
11).  As a result, when PAM tries to verify the user's password it
ends up using sudo's sha2 functions but with the Solaris sha2 data
structures.

The fix is to avoid namespace pollution and prefix sudo's sha2
functions with sudo_ so there is no conflict.

I've put a patch relative to sudo 1.8.11p1 at:

    ftp://ftp.sudo.ws/pub/millert/sudo/sha2.patch

The patch also applies to sudo 1.8.12.  The next sudo 1.8.13 beta
will include this patch.

 - todd
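
The mismatch described in the message above, modelled in a single C file as an added example (not code from sudo, Solaris or the patch). The struct layouts and the names `lib_ctx`, `exe_ctx`, `lib_update` and `exe_update` are constructed for illustration, and a function pointer stands in for the run-time symbol binding.

```c
/* Added illustration: layouts and names are constructed, not Solaris or sudo headers. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout the library and its caller (the PAM side) were compiled against. */
struct lib_ctx { uint32_t algotype; uint64_t state[8]; uint64_t count[2]; uint8_t buf[128]; };
/* Layout the executable's own same-named function was compiled against. */
struct exe_ctx { uint64_t state[8]; uint64_t count[2]; uint8_t buf[128]; };

/* Library implementation: adds the bit count at the library's offset. */
static void lib_update(void *p, size_t len) {
    struct lib_ctx c;
    memcpy(&c, p, sizeof c);
    c.count[0] += (uint64_t)len * 8;
    memcpy(p, &c, sizeof c);
}

/* Executable's implementation of the same exported name, other layout. */
static void exe_update(void *p, size_t len) {
    struct exe_ctx c;
    memcpy(&c, p, sizeof c);   /* reads the caller's bytes at the wrong offsets */
    c.count[0] += (uint64_t)len * 8;
    memcpy(p, &c, sizeof c);
}

/* Returns 1 if the caller's own view of its context is intact after update(). */
static int caller_view_ok(void (*update)(void *, size_t)) {
    struct lib_ctx ctx;
    memset(&ctx, 0, sizeof ctx);
    ctx.algotype = 512;
    for (int i = 0; i < 8; i++) ctx.state[i] = (uint64_t)(i + 1);
    update(&ctx, 10);
    for (int i = 0; i < 8; i++) if (ctx.state[i] != (uint64_t)(i + 1)) return 0;
    return ctx.algotype == 512 && ctx.count[0] == 80;
}

/* Unprefixed name: the caller's call lands in the executable's function. */
int collision_case(void) { return caller_view_ok(exe_update); }
/* Prefixed name: no clash, so the library's own function runs. */
int prefixed_case(void)  { return caller_view_ok(lib_update); }

int main(void) {
    printf("unprefixed: caller context intact = %d\n", collision_case());
    printf("prefixed:   caller context intact = %d\n", prefixed_case());
    return 0;
}
```

On a real system, the equivalent check is whether the executable exports any symbol that a library it loads also defines, which `nm -D` on both files will show.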

