Re: sudo never asks me for a password
On Nov 23, 2007 7:31 PM, Kamil Kisiel [EMAIL PROTECTED] wrote: On Nov 23, 2007 7:16 PM, Christopher Cowart [EMAIL PROTECTED] wrote: On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote: On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote: On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote: For some reason, on this particular FreeBSD machine, sudo never asks me for a password, even if I haven't logged in for days. I've been struggling with this problem for some time but still haven't been able to find a solution. Any ideas? Maybe something is misconfigured in your pam stack? Check /etc/pam.d/sudo. /etc/pam.d/sudo looks like this: # # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $ # # PAM configuration for the su service # # auth authsufficient pam_rootok.so no_warn authsufficient pam_self.so no_warn authrequisite pam_group.sono_warn group=wheel root_only fail_safe authinclude system # account account include system # session session requiredpam_permit.so This looks like it was copied verbatim from su. I suspect the pam_self.so is causing problems. Sudo authenticates the user for their current account, not the target account. That line will cause authentication to short-circuit on a UID match w/o any need to provide a password. Try commenting it out. -- Chris Cowart Lead Systems Administrator Network Infrastructure Services, RSSP-IT UC Berkeley Thanks Christopher, That's exactly the problem. Seems the previous administrator of this machine made /etc/pam.d/sudo a link to /etc/pam.d/su and left it configured as is. Somehow I never caught on to that. -- Kamil Alright, maybe my impression of success was slightly premature. It seems that the problem now is that sudo doesn't like the pam_unix.so module for whatever reason. If I use the default sudo pam file, which simply includes all settings from /etc/pam.d/system it gives me an error like the following: sudo: pam_authenticate: conversation failure -- Kamil ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sudo never asks me for a password
On Nov 23, 2007 7:16 PM, Christopher Cowart [EMAIL PROTECTED] wrote: On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote: On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote: On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote: For some reason, on this particular FreeBSD machine, sudo never asks me for a password, even if I haven't logged in for days. I've been struggling with this problem for some time but still haven't been able to find a solution. Any ideas? Maybe something is misconfigured in your pam stack? Check /etc/pam.d/sudo. /etc/pam.d/sudo looks like this: # # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $ # # PAM configuration for the su service # # auth authsufficient pam_rootok.so no_warn authsufficient pam_self.so no_warn authrequisite pam_group.sono_warn group=wheel root_only fail_safe authinclude system # account account include system # session session requiredpam_permit.so This looks like it was copied verbatim from su. I suspect the pam_self.so is causing problems. Sudo authenticates the user for their current account, not the target account. That line will cause authentication to short-circuit on a UID match w/o any need to provide a password. Try commenting it out. -- Chris Cowart Lead Systems Administrator Network Infrastructure Services, RSSP-IT UC Berkeley Thanks Christopher, That's exactly the problem. Seems the previous administrator of this machine made /etc/pam.d/sudo a link to /etc/pam.d/su and left it configured as is. Somehow I never caught on to that. -- Kamil ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sudo never asks me for a password
For some reason, on this particular FreeBSD machine, sudo never asks me for a password, even if I haven't logged in for days. I tried running sudo -k, sudo -K before trying it. I've even tried manually removing /var/run/sudo. When I run sudo -l, I get: User kamil may run the following commands on this host: (ALL) ALL The contents of my /usr/local/etc/sudoers file is: Defaults authenticate rootALL=(ALL) ALL %sysops ALL=(ALL) ALL I've been struggling with this problem for some time but still haven't been able to find a solution. Any ideas? -- Kamil ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sudo never asks me for a password
On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote: On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote: For some reason, on this particular FreeBSD machine, sudo never asks me for a password, even if I haven't logged in for days. I've been struggling with this problem for some time but still haven't been able to find a solution. Any ideas? Maybe something is misconfigured in your pam stack? Check /etc/pam.d/sudo. -- Chris Cowart Lead Systems Administrator Network Infrastructure Services, RSSP-IT UC Berkeley Hi Christopher, /etc/pam.d/sudo looks like this: # # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $ # # PAM configuration for the su service # # auth authsufficient pam_rootok.so no_warn authsufficient pam_self.so no_warn authrequisite pam_group.sono_warn group=wheel root_only fail_safe authinclude system # account account include system # session session requiredpam_permit.so -- Kamil ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]