sudo never asks me for a password
Kamil Kisiel
kamil at kamilkisiel.net
Fri Nov 23 19:31:26 PST 2007
On Nov 23, 2007 7:16 PM, Christopher Cowart
<ccowart at rescomp.berkeley.edu> wrote:
> On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
> > On 11/23/07, Christopher Cowart <ccowart at rescomp.berkeley.edu> wrote:
> > > On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
> > > > For some reason, on this particular FreeBSD machine, sudo never asks
> > > > me for a password, even if I haven't logged in for days.
> > > >
> > > > I've been struggling with this problem for some time but still haven't
> > > > been able to find a solution. Any ideas?
> > >
> > > Maybe something is misconfigured in your pam stack? Check
> > > /etc/pam.d/sudo.
> >
> > /etc/pam.d/sudo looks like this:
> >
> > #
> > # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
> > #
> > # PAM configuration for the "su" service
> > #
> >
> > # auth
> > auth sufficient pam_rootok.so no_warn
> > auth sufficient pam_self.so no_warn
> > auth requisite pam_group.so no_warn group=wheel root_only fail_safe
> > auth include system
> >
> > # account
> > account include system
> >
> > # session
> > session required pam_permit.so
>
> This looks like it was copied verbatim from su.
>
> I suspect the pam_self.so is causing problems. Sudo authenticates the
> user for their current account, not the target account. That line will
> cause authentication to short-circuit on a UID match w/o any need to
> provide a password. Try commenting it out.
>
> --
>
> Chris Cowart
> Lead Systems Administrator
> Network & Infrastructure Services, RSSP-IT
> UC Berkeley
>
Thanks Christopher,
That's exactly the problem. Seems the previous administrator of this
machine made /etc/pam.d/sudo a link to /etc/pam.d/su and left it
configured as is. Somehow I never caught on to that.
--
Kamil
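
As an added example (not part of the original messages), a POSIX sh check for the two conditions found in this thread: the sudo PAM policy being a symlink, and an `auth sufficient pam_self.so` line. The function names and the scratch-directory sample are this example's own, and the pam_permit.so check goes beyond what the thread covers.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are this example's own.
# On a real host: audit_pam_service /etc/pam.d/sudo

# Print one warning per finding; return 0 if clean, 1 if findings, 2 if unreadable.
audit_pam_service() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # A symlinked policy inherits whatever stack the link target defines.
    if [ -L "$file" ]; then
        echo "WARN: $file is a symlink to $(readlink "$file")"
        rc=1
    fi

    # PAM line format: <facility> <control> <module> [options].
    # Commented-out lines never match because their first field starts with '#'.
    # pam_self.so is the module from the thread; pam_permit.so is this
    # example's addition: it always succeeds.
    hits=$(awk '
        $1 == "auth" && $2 == "sufficient" {
            n = split($3, part, "/"); mod = part[n]
            if (mod == "pam_self.so" || mod == "pam_permit.so")
                printf "WARN: line %d: auth sufficient %s needs no password\n", NR, mod
        }' "$file")
    if [ -n "$hits" ]; then
        echo "$hits"
        rc=1
    fi
    return $rc
}

# Constructed sample: the auth stack quoted in the thread, written to $1.
write_su_style_stack() {
    cat > "$1" <<'EOF'
# PAM configuration for the "su" service
auth sufficient pam_rootok.so no_warn
auth sufficient pam_self.so no_warn
auth requisite pam_group.so no_warn group=wheel root_only fail_safe
auth include system
EOF
}

# Demo in a scratch directory: sudo -> su, as the thread describes.
demo=$(mktemp -d)
write_su_style_stack "$demo/su"
ln -s su "$demo/sudo"
if audit_pam_service "$demo/sudo"; then echo "clean"; else echo "findings: see above"; fi
rm -rf "$demo"
```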