Package: sudo-ldap
Version: 1.8.27-1
Severity: normal
Dear maintainer,
I upgraded Debian from 9.9 to 10.0 yesterday and find that I have to
enter my password when running commands with sudo. We have no
!authenticate option on our LDAP server so we manually add NOPASSWD in
/etc/sudoers. However, after upgrading to buster, the NOPASSWD option
seems not working.
The running result of sudo -l still contains NOPASSWD:
steven@vpn:~$ sudo -l
Matching Defaults entries for steven on vpn:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User steven may run the following commands on vpn:
(ALL : ALL) NOPASSWD: ALL
(ALL) ALL
(ALL) ALL
The changelog of sudo-ldap does not show it has put a higher priority in
the LDAP server's configuration, so I think this should be a bug.
Regards,
Zhaofeng Yang
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sudo-ldap depends on:
ii libaudit1 1:2.8.4-3
ii libc6 2.28-10
ii libldap-2.4-2 2.4.47+dfsg-3
ii libpam-modules 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 2.8-1+b1
ii lsb-base 10.2019051400
sudo-ldap recommends no packages.
sudo-ldap suggests no packages.
-- Configuration Files:
/etc/sudoers changed:
Defaults env_reset
Defaults mail_badpass
Defaults
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
-- no debconf information