Date: Fri, 23 Nov 2007 19:16:28 -0800
From: Christopher Cowart
To: Kamil Kisiel
Cc: freebsd-questions@freebsd.org
Subject: Re: sudo never asks me for a password
Message-ID: <20071124031628.GI43532@hal.rescomp.berkeley.edu>
Organization: RSSP-IT, UC Berkeley

On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
> On 11/23/07, Christopher Cowart wrote:
> > On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
> > > For some reason, on this particular FreeBSD machine, sudo never asks
> > > me for a password, even if I haven't logged in for days.
> > >
> > > I've been struggling with this problem for some time but still haven't
> > > been able to find a solution. Any ideas?
> >
> > Maybe something is misconfigured in your pam stack? Check
> > /etc/pam.d/sudo.
>
> /etc/pam.d/sudo looks like this:
>
> #
> # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
> #
> # PAM configuration for the "su" service
> #
>
> # auth
> auth sufficient pam_rootok.so no_warn
> auth sufficient pam_self.so no_warn
> auth requisite pam_group.so no_warn group=wheel root_only fail_safe
> auth include system
>
> # account
> account include system
>
> # session
> session required pam_permit.so

This looks like it was copied verbatim from su.

I suspect the pam_self.so is causing problems. Sudo authenticates the
user for their current account, not the target account. That line will
cause authentication to short-circuit on a UID match w/o any need to
provide a password. Try commenting it out.

-- 
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
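
A small check for the misconfiguration diagnosed in this thread, added here as an example (it is not code from the thread, from sudo or from FreeBSD): it parses a pam.d service file, flags `auth` rules marked `sufficient` whose module succeeds without a credential, and comments them out as the reply suggests. The module table, the function names and the sample input are assumptions made for the illustration; the sample is the quoted auth section with its wrapped line rejoined.

```python
import os

# Modules that succeed without a credential (reasons describe the sudo case).
NO_CREDENTIAL = {
    "pam_self.so": "target UID equals caller UID, which is always true under sudo",
    "pam_permit.so": "always succeeds",
}

# Constructed sample: the auth section quoted in the thread.
SAMPLE = """\
# auth
auth sufficient pam_rootok.so no_warn
auth sufficient pam_self.so no_warn
auth requisite pam_group.so no_warn group=wheel root_only fail_safe
auth include system
"""


def rules(text):
    """Yield (lineno, facility, control, module) for each active rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3:
            yield lineno, fields[0], fields[1], os.path.basename(fields[2])


def audit(text):
    """Return (lineno, module, reason) for auth rules that skip the prompt."""
    return [
        (lineno, module, NO_CREDENTIAL[module])
        for lineno, facility, control, module in rules(text)
        if (facility, control) == ("auth", "sufficient") and module in NO_CREDENTIAL
    ]


def comment_out(text, findings):
    """Return the file text with every flagged line commented out."""
    flagged = {lineno for lineno, _, _ in findings}
    return "\n".join(
        "#" + line if n in flagged else line
        for n, line in enumerate(text.splitlines(), 1)
    ) + "\n"


if __name__ == "__main__":
    found = audit(SAMPLE)
    for lineno, module, reason in found:
        print(f"line {lineno}: {module} is sufficient for auth ({reason})")
    print(comment_out(SAMPLE, found), end="")
```

pam_rootok.so is left out of the table on purpose: it only succeeds when the caller is already root, so it does not let an unprivileged user skip the prompt.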