List: sudo-workers
Subject: minor weirdness with sudo and pam_ldap
From: Justin Hahn <jeh () profitlogic ! com>
Date: 2001-11-20 15:59:15
Message-ID: 419A3E73A18BD211A17000105A1C37E9C9D7B1 () mail ! grossprofit ! com

[This is being cross-posted to both pamldap@padl.com and
sudo-workers@courtesan.com]

I'm seeing a very minor weirdness with sudo when using pam_ldap.
Specifically, I get one crack at the password, and if I get it wrong sudo
complains with:

    sudo: pam_authenticate: Authentication service cannot retrieve
    authentication info.

My PAM stack for sudo looks like this:

    auth sufficient pam_ldap.so
    auth required pam_unix.so try_first_password

I should point out that this is more of an annoyance as it means:

1) If I get the right password everything is just fine.
2) If I get it wrong I don't get a second chance at entering my password.
(and I tend to mistype a bit...)
3) If I get the passphrase wrong, sudo doesn't report this, as it's erroring
out.

I believe the problem is that pam_ldap returns PAM_AUTHINFO_UNAVAIL in the
case that authentication fails, but sudo only looks for PAM_AUTH_ERR or
PAM_MAX_TRIES. I'm not sure whose bug this is, but I can produce a trivial
patch for sudo that fixes this. (and there may be an argument for and
against doing it in sudo...) I should point out that the fix for sudo does
work fine, but I'm not sure whether it's sudo or pam_ldap's issue.

----
Justin Hahn ProfitLogic
jhahn@profitlogic.com 11 Cambridge Center
Systems Administrator Cambridge, MA 02142
o: 617-218-1986 www.profitlogic.com
m: 617-501-2743
f: 617-218-1901
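
Added example, not part of the original message and not sudo's or pam_ldap's code: a small C model of the retry loop the message describes, showing why a caller that recognises only PAM_AUTH_ERR and PAM_MAXTRIES stops after one attempt when the stack reports PAM_AUTHINFO_UNAVAIL. The stub `fake_authenticate`, the `prompt_loop` function and the `unavail_is_failure` switch are hypothetical names; the return-code constants are constructed stand-ins carrying Linux-PAM's numeric values.

```c
#include <stdio.h>

/* Constructed stand-ins with Linux-PAM's numeric values so this builds without
 * PAM headers; real code would include <security/pam_appl.h>. */
enum { PAM_SUCCESS = 0, PAM_AUTH_ERR = 7, PAM_AUTHINFO_UNAVAIL = 9, PAM_MAXTRIES = 11 };
enum outcome { GRANTED, DENIED, ABORTED };

/* Hypothetical stub for pam_authenticate(): replays scripted return codes. */
struct script { const int *codes; int n, pos; };
static int fake_authenticate(struct script *s) {
    return s->pos < s->n ? s->codes[s->pos++] : PAM_AUTH_ERR;
}

/* Password retry loop. With unavail_is_failure == 0, only PAM_AUTH_ERR and
 * PAM_MAXTRIES are treated as "bad password" and anything else aborts, which
 * is the behaviour reported above. With it set to 1, PAM_AUTHINFO_UNAVAIL is
 * handled like PAM_AUTH_ERR and the user is prompted again. */
static enum outcome prompt_loop(struct script *s, int max_tries,
                                int unavail_is_failure, int *attempts) {
    for (*attempts = 1; *attempts <= max_tries; (*attempts)++) {
        switch (fake_authenticate(s)) {
        case PAM_SUCCESS:
            return GRANTED;
        case PAM_MAXTRIES:
            return DENIED;          /* module asks the caller to stop prompting */
        case PAM_AUTHINFO_UNAVAIL:
            if (!unavail_is_failure)
                return ABORTED;     /* one attempt, then an error message */
            continue;               /* re-prompt */
        case PAM_AUTH_ERR:
            continue;               /* re-prompt */
        default:
            return ABORTED;         /* unexpected code: report and stop */
        }
    }
    *attempts = max_tries;          /* loop ran out of tries */
    return DENIED;
}

int main(void) {
    const int codes[] = { PAM_AUTHINFO_UNAVAIL, PAM_SUCCESS }; /* constructed: typo, then correct */
    for (int flag = 0; flag <= 1; flag++) {
        struct script s = { codes, 2, 0 };
        int tries;
        enum outcome o = prompt_loop(&s, 3, flag, &tries);
        printf("unavail_is_failure=%d -> outcome=%d after %d attempt(s)\n", flag, o, tries);
    }
    return 0;
}
```

Handling PAM_AUTHINFO_UNAVAIL as a retryable failure also re-prompts when the directory server is genuinely unreachable, so the caller can no longer tell an outage from a mistyped password.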