sudo never asks me for a password
Christopher Cowart
ccowart at rescomp.berkeley.edu
Fri Nov 23 19:16:28 PST 2007
On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
> On 11/23/07, Christopher Cowart <ccowart at rescomp.berkeley.edu> wrote:
> > On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
> > > For some reason, on this particular FreeBSD machine, sudo never asks
> > > me for a password, even if I haven't logged in for days.
> > >
> > > I've been struggling with this problem for some time but still haven't
> > > been able to find a solution. Any ideas?
> >
> > Maybe something is misconfigured in your pam stack? Check
> > /etc/pam.d/sudo.
>
> /etc/pam.d/sudo looks like this:
>
> #
> # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
> #
> # PAM configuration for the "su" service
> #
>
> # auth
> auth sufficient pam_rootok.so no_warn
> auth sufficient pam_self.so no_warn
> auth requisite pam_group.so no_warn
> group=wheel root_only fail_safe
> auth include system
>
> # account
> account include system
>
> # session
> session required pam_permit.so
This looks like it was copied verbatim from su.
I suspect the pam_self.so is causing problems. Sudo authenticates the
user for their current account, not the target account. That line will
cause authentication to short-circuit on a UID match w/o any need to
provide a password. Try commenting it out.
--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20071124/bdd45af1/attachment.pgp
More information about the freebsd-questions
mailing list