[sudo-workers] PAM Support in Sudo
blfarrell at ra.rockwell.com
blfarrell at ra.rockwell.com
Fri Jun 25 09:30:22 EDT 2004
Hello,
In upgrading to sudo-1.6.7p5 and configuring it to use PAM support (we use
a PAM module to implement tracking of failed attempts during password
authentication). As expected I found that the pam support in sudo does
the authentication properly, however it does not perform the required
account management to clear the failed authentication counter upon
successful authentication. While fixing this, I also realized that it
would authenticate a user that had an expired password (which could be the
case if the user has been logged in for a period of time). To solve the
problem I added the pam code to force the password reset. I also did this
same code change for sudo-1.6.8rc1.
I think this make sense to put back into the distribution so I am sending
it to this list.
Please let me know if you have any questions or I should be submitting the
code through another mechanism.
On a side note when compiling 1.6.8rc1 under Solaris with Sun's compiler I
needed to set 'CXXCPP=/usr/ccs/lib/cpp' as the configure script couldn't
figure it out.
Brian Farrell
More information about the sudo-workers
mailing list