[sudo-users] sudo 1.9.6 error on HP-UX

Stephan Eckner stephan at eckner.org
Mon Jun 21 10:15:34 MDT 2021


  Todd C. Miller <todd.miller at sudo.ws> wrote on 27.05.2021 22:58:

  On Thu, 27 May 2021 21:41:30 +0200, Stephan Eckner wrote:

    (I wasn't aware that PAM account validation had been introduced
    in 1.8.23) With PAM account validation disabled, I can assume the
    new sudo version works like the old one? Or are there any reasons
    why I should try to get sudo working with PAM account validation
    enabled?

  The only difference is that now PAM account management modules won't
  be run for sudo. This means that things like an expired password are
  no longer caught. Since you have accounts in AD, that may not really
  matter.
  It may be possible to adjust your pam.conf file so that you don't
  need this line in sudoers. Most likely there is just an "auth" entry
  that needs to be copied to "account". I can't say for sure though.
  - todd

Using the PAM_AUTHZ module and adding "rcommand" to pam.conf as below did
the trick:
OTHER account required libpam_authz.so.1 policy=/etc/opt/ldapux/pam_authz.policy
OTHER account required libpam_ldap.so.1 rcommand

The solution is described here (for sshd instead of sudo):
https://support.hpe.com/hpesc/public/docDisplay?docId=c01999964
Thanks again. Stephan
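
Added example (not part of the original message and not sudo's own code): a shell function that lists which pam.conf entries of a given module type apply to a service, so you can see whether sudo has its own "account" stack or inherits the OTHER entries. It assumes the field order service, module-type, control-flag, module-path, options; that a service with no entry of that type falls back to OTHER; and that names compare case-insensitively. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the pam.conf entries of one module type that apply to a service.
# Layout assumed: service  module-type  control-flag  module-path  [options]
# Assumption: a service with no entry of that type uses the OTHER entries, and
# service/type names compare case-insensitively.

# effective_stack FILE SERVICE TYPE -> prints matching lines; status 1 if none.
effective_stack() {
    awk -v svc="$2" -v type="$3" '
        /^[ \t]*#/ || NF < 4          { next }   # comments, blank or short lines
        tolower($2) != tolower(type)  { next }   # entries of other module types
        tolower($1) == tolower(svc)   { own[++n] = $0; next }
        tolower($1) == "other"        { dflt[++m] = $0 }
        END {
            if (n) { for (i = 1; i <= n; i++) print own[i] }
            else   { for (i = 1; i <= m; i++) print dflt[i] }
            exit (n + m == 0)
        }' "$1"
}

# Constructed sample: sudo has only an "auth" entry, so "account" falls to OTHER.
write_sample() {
    cat > "$1" <<'EOF'
# constructed pam.conf sample, not taken from a real host
sudo   auth     required libpam_ldap.so.1
OTHER  auth     required libpam_ldap.so.1
OTHER  account  required libpam_authz.so.1 policy=/etc/opt/ldapux/pam_authz.policy
OTHER  account  required libpam_ldap.so.1 rcommand
EOF
}

demo() {
    f=${TMPDIR:-/tmp}/pam_sample.$$
    write_sample "$f"
    echo "account stack for sudo:"; effective_stack "$f" sudo account
    echo "auth stack for sudo:";    effective_stack "$f" sudo auth
    rm -f "$f"
}
demo
```

Point it at a copy of the real file, for example effective_stack /etc/pam.conf sudo account, and compare the result with the "auth" stack for the same service.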

