View previous topic :: View next topic |
Author |
Message |
Wizumwalt Guru
Joined: 20 Aug 2006 Posts: 547
|
Posted: Wed Jun 09, 2010 3:22 am Post subject: sudo help |
|
|
I lost power to my machine one night and after a reboot and fsck of the disks, the only other problem I seem to have is that when I run a command using sudo, I get the following output.
Code: |
$ sudo ps
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
|
Problem is, I don't even get a chance to input my password, it prints out all 3 "Sorry, try again" statements immediately and the prompt reappears.
Any ideas? |
|
Back to top |
|
|
Logicien Veteran
Joined: 16 Sep 2005 Posts: 1555 Location: Montréal
|
Posted: Wed Jun 09, 2010 4:38 am Post subject: |
|
|
It's look like a security addon from sudo that is the equivalent of not being in the sudo group.It's so weird that it make laugh.
Is /etc/sudoers have change since the power failure? _________________ Paul |
|
Back to top |
|
|
Wizumwalt Guru
Joined: 20 Aug 2006 Posts: 547
|
Posted: Thu Jun 10, 2010 1:06 am Post subject: |
|
|
None that I can see.
perms on /etc/sudoers is 0440 and the only thing in the file (uncommented) is:
root ALL=(ALL) ALL
me ALL=(ALL) ALL |
|
Back to top |
|
|
kimmie Guru
Joined: 08 Sep 2004 Posts: 531 Location: Australia
|
Posted: Thu Jun 10, 2010 12:55 pm Post subject: |
|
|
What's in /etc/pamd.d/sudo? |
|
Back to top |
|
|
i_hate_your_os Tux's lil' helper
Joined: 29 Aug 2002 Posts: 128 Location: Manhattan Beach, CA
|
Posted: Fri Jul 30, 2010 7:33 pm Post subject: I have this too... |
|
|
I got this too, but only very recently, so presumably with a different etiology. My system is ~amd64.
In my case, it apparently had something to do with the recent kerberos updates in PAM.
my /etc/pam.d/sudo was:
Code: | # File autogenerated by pamd_mimic in pam eclass
auth include system-auth
account include system-auth
password include system-auth
session include system-auth |
and I have in /etc/pam.d/system-auth:
Code: | auth required pam_env.so
auth [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
session required pam_limits.so
session required pam_env.so
session [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
session required pam_unix.so
session optional pam_permit.so |
logging into various kerberos identities didn't help.
commenting out the pam_krb5.so lines in /etc/pam.d/system-auth seemed to fix the problem. Since I wasn't sure if I really wanted to do that, I instead did this as root:
Code: | # cd /etc/pam.d
# cp sudo /root/wuz_etc_pam.d_sudo
# cat system-auth | grep -v pam_krb5 > sudo |
So, if you have ACCEPT_KEYWORDS="~amd64" && USE="kerberos" and just recently got this disease... there you have it maybe.
I wonder if perhaps there is a way, using this pam stuff, to make sudo actually respect PAM and give me root when I have tokens in /root/.k5login? That would be awesome.. _________________ -IHYOS
"All laws which are repugnant to the constitution are null and void."
-Marbury vs. Madison, 5 US (2 Cranch) 137, 174, 176, (1803) |
|
Back to top |
|
|
|