Subject: pkgsrc/security/sudo and Linux issues
To: None <tech-pkg@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 02/02/2005 15:16:42
I upgraded sudo on two of my Linux boxes (because audit-packages told
me!).
I have a few issues with the package:
1) sudo didn't work due to:
reed@puget:~$ sudo ls
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
I had no chance to type in my password.
My auth.log has:
Feb 2 15:06:05 puget PAM-warn[1152]: function=3D[pam_sm_authenticate]
service=3D[sudo] terminal=3D[ttyp0] user=3D[reed] ruser=3D[<unknown>]
rhost=3D[<unknown>] Feb 2 15:06:05 puget last message repeated 2 times
So I see I need a sudo rule for PAM.
My mk.conf has:
USE_PAM=3D YES
PKG_DEFAULT_OPTIONS+=3D PAM libcrack
So I added a /etc/pam.d/sudo and now sudo prompted me, but failed:
reed@puget:~$ sudo ls
Password:
sudo: contact your system administrator, =C4=C7E=FCAccount or password is e=
xpired
Sorry, try again.
Password:
2) Notice the strange character codes above.
And auth.log has:
Feb 2 15:12:12 puget sudo(pam_unix)[1173]: authentication failure;
logname=3D uid=3D0 euid=3D0 tty=3Dttyp0 ruser=3D rhost=3D user=3Dreed
My previously working sudo was not linked with libpam. The new one is.
Any ideas on that?
I guess I should consult the sudo mailing list.
3) The DESCR should probably not mention the mailing list paragraph. The
share/doc/sudo/README can have that info.
4) I noticed the man pages were missing. It is now using PLIST.${OPSYS}
and no PLIST.Linux for listing the man-pages. (This problem existed with
my old sudo-1.6.7.5 package also.)
Maybe instead of using PLIST.${OPSYS} (because we need to add all the
PLIST.OPSYS we support) it could use some PLIST_SUBST as needed.
This is sudo-1.6.8pl5nb1 and PAM-0.77nb4.
Jeremy C. Reed
=09 =09 =09 BSD News, BSD tutorials, BSD links
=09 =09 =09 http://www.bsdnewsletter.com/