Subject: pkgsrc/security/sudo and Linux issues
To: None <tech-pkg@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 02/02/2005 15:16:42
I upgraded sudo on two of my Linux boxes (because audit-packages told
me!).

I have a few issues with the package:

1) sudo didn't work due to:

reed@puget:~$ sudo ls
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

I had no chance to type in my password.

My auth.log has:

Feb  2 15:06:05 puget PAM-warn[1152]: function=3D[pam_sm_authenticate]
service=3D[sudo] terminal=3D[ttyp0] user=3D[reed] ruser=3D[<unknown>]
rhost=3D[<unknown>] Feb  2 15:06:05 puget last message repeated 2 times


So I see I need a sudo rule for PAM.

My mk.conf has:
USE_PAM=3D        YES
PKG_DEFAULT_OPTIONS+=3D   PAM libcrack

So I added a /etc/pam.d/sudo and now sudo prompted me, but failed:


reed@puget:~$ sudo ls
Password:
sudo: contact your system administrator, =C4=C7E=FCAccount or password is e=
xpired
Sorry, try again.
Password:


2) Notice the strange character codes above.

And auth.log has:

Feb  2 15:12:12 puget sudo(pam_unix)[1173]: authentication failure;
logname=3D uid=3D0 euid=3D0 tty=3Dttyp0 ruser=3D rhost=3D  user=3Dreed

My previously working sudo was not linked with libpam. The new one is.

Any ideas on that?

I guess I should consult the sudo mailing list.

3) The DESCR should probably not mention the mailing list paragraph. The
share/doc/sudo/README can have that info.

4) I noticed the man pages were missing. It is now using PLIST.${OPSYS}
and no PLIST.Linux for listing the man-pages. (This problem existed with
my old sudo-1.6.7.5 package also.)

Maybe instead of using PLIST.${OPSYS} (because we need to add all the
PLIST.OPSYS we support) it could use some PLIST_SUBST as needed.


This is sudo-1.6.8pl5nb1 and PAM-0.77nb4.

 Jeremy C. Reed

 =09  =09 =09 BSD News, BSD tutorials, BSD links
=09  =09 =09 http://www.bsdnewsletter.com/