[sudo-users] sudo 1.9.6 error on HP-UX
Todd C. Miller
Todd.Miller at sudo.ws
Thu May 27 14:58:54 MDT 2021
On Thu, 27 May 2021 21:41:30 +0200, Stephan Eckner wrote:
> (I wasn't aware that PAM account validation had been introduced in
> 1.8.23)
> With PAM account validation disabled, I can assume the new sudo version
> works like the old one? Or are there any reasons why I should try to get
> sudo working with PAM account validation enabled?
The only difference is that now PAM account management modules won't
be run for sudo. This means that things like an expired password
are no longer caught. Since you have accounts in AD that may not
really matter.
It may be possible to adjust your pam.conf file so that you don't
need this line in sudoers. Most likely there is just an "auth"
entry that needs to be copied to "account". I can't say for sure
though.
- todd
More information about the sudo-users
mailing list