[sudo-users] When having multiple simultanious SSH connections, only the first two can `sudo`

Todd C. Miller Todd.Miller at sudo.ws
Wed Dec 13 15:34:18 MST 2017

On Wed, 13 Dec 2017 19:38:38 +0100, Manuel Wagesreither wrote:

> Why is that? I thought a empty password in /etc/passwd meant "don't
> ask for a password" or "accept an empty string as password". What
> would need to be entered if this prompt showed up?

An empty password in /etc/shadow (or /etc/passwd on systems with
no /etc/shadow file) should mean "accept an empty string as password".
I just tested sudo on Ubuntu with passwd authentication (not PAM)
and that is how it behaves.  Note that if /etc/shadow exists, sudo
will use the encrypted password in it, regardless of the value of
the password field in /etc/passwd.

Some programs don't prompt for a password at all if the password
field is empty but sudo doesn't behave that way.

 - todd

More information about the sudo-users mailing list