[sudo-workers] NOPASSWD sudo and PAM
dkopecek at redhat.com
Fri Jan 12 01:22:21 MST 2018
is there a difference w.r.t. PAM stack interaction for NOPASSWD vs
PASSWD sudoers entries?
I was investigating why pam_time isn't working with sudo and found out
that it was because the NOPASSWD flag.
It caused sudo to skip the PAM account phase and therefore skipping the
pam_time module which is used like this:
account required pam_time.so
That should cause pam_time to deny any attempt but in case of a NOPASSWD
entry it is ignored.
Is this expected behavior or a bug?
More information about the sudo-workers