Re: sudo broken

Andrzej Zawadzki Tue, 21 Sep 2004 14:13:50 -0700

Arkadiusz Miskiewicz wrote:

Latest sudo (sudo-1.6.8p1-1 from ftp) seems broken:

[EMAIL PROTECTED] ~]$ sudo bash
Password:
Take a stress pill and think things over.
Password:
sudo: contact your system administrator, Account or password is expired
I feel much better now.
Password:

[EMAIL PROTECTED] arekm]# chage -l arekm
Minimum:        0
Maximum:        99999
Warning:        5
Inactive:       -1
Last Change:            wrz 19, 2004
Password Expires:       Never
Password Inactive:      Never
Account Expires:        Never

Does it happen for anyone else?


Ok. After some research I found this:

sudo.CHANGES
547) Updated sample.pam to a current version.
Why? Because sudo now can check validiti pam_acct_mgmt calls.

So our /etc/pam.d/sudo has to be (?) like:

auth       required    pam_env.so
auth       sufficient  pam_unix.so
account    required    pam_unix.so
password   required    pam_cracklib.so retry=3 type=
password   required    pam_unix.so nullok use_authtok md5 shadow
session    required    pam_limits.so
session    required    pam_unix.so

now is:
auth           required        pam_unix.so shadow
session                optional        pam_xauth.so

but to work we only need to add to our sudo line:
account    required            pam_unix.so

What is the more proper version?

Some PAM expert is needed!!!

ps. sudo.pamd has to be fixd to above!

--
Andrzej Zawadzki

_______________________________________________
pld-devel-en mailing list
[EMAIL PROTECTED]
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en

Re: sudo broken

Reply via email to