[sudo-users] Strange behavior on macOS 12.0.1 (21A559)

[Benjamin Burke]

Hi Todd,

/etc/pam.d/sudo is entirely missing on the problem machine. :facepalm: I'm not sure how that happened but if it turns out to be anything other than simple user error I'll reply to the list.

Thanks for your *very* quick help!

Ben

> On 12 Nov 2021, at 15:41, Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> 
> On Fri, 12 Nov 2021 10:21:56 +0100, Benjamin Burke via sudo-users wrote:
> 
>> I have two intel macbooks running with the latest version of macOS
>> 12.0.1 (21A559). One of them has this problem and the other does
>> not. The problem is that sudo doesn't prompt for a password but it
>> acts like it has -- it acts like it has received several invalid
>> password attempts. This happens immediately.
>> 
>> % sudo date
>> Sorry, try again.
>> Sorry, try again.
>> sudo: 3 incorrect password attempts
>> 
>> % sudo -A date     
>> Sorry, try again.
>> Sorry, try again.
>> sudo: 3 incorrect password attempts
> 
> This is almost certainly a PAM problem of some sort.
> 
>> This is interesting because on the computer with working sudo the
>> above results in the error:
>> "sudo: no askpass program specified, try setting SUDO_ASKPASS"
> 
> That indicates that on the system with the non-working sudo, the
> function that reads the password is never called.  Again, this
> points to a PAM problem.
> 
> Is the PAM configuration the same on both systems?
> Try comparing the /etc/pam.d/sudo file on both.
> 
>> I do have to admit that there are things on both these computers
>> which could in theory complicate this issue. I use yubikeys on both,
>> with opensc for piv-based ssh. I have also paired the yubikeys to
>> macos so I can typically authenticate with the yubikey and a macos
>> pin prompt. But again, both computers are the same in this respect
>> and one has no issues with sudo.
> 
> Could the smartcard settings be configured differently on the two
> systems?  I'm assuming that yubikeys are configured on macOS as
> smartcards.
> 
> - todd