[gentoo-user] sudo requires password twice

[gentoo-user] sudo requires password twice

[Daevid Vincent]

I recently did an update world and had that 'pam'/'shadow' issue. 
Followed these pages:
http://planet.gentoo.org/developers/flameeyes/2006/03/19/the_shadow_and_pam_
login_conflict
http://www.mail-archive.com/gentoo-user@lists.gentoo.org/msg35692.html

Everything seems fine. 
I've rebooted many times since. 
I can login from ssh or console. 

One odd behaviour:

daevid@locutus ~ $ sudo ifconfig
Password:
Password:
eth0      Link encap:Ethernet  HWaddr 00:08:74:E0:5C:3B  
          inet addr:172.16.35.234  Bcast:172.16.63.255  Mask:255.255.224.0
	    ...

Whenever I first type 'sudo' I am prompted twice?! Then of course sudo
remembers me for 5 minutes or whatever the timeout is, so subsequent 'sudo'
calls are not prompted.

I don't know if this is relevant, but perhaps it has to do with the pam
thing above?

locutus ~ # cat /etc/pam.d/sudo
# File autogenerated by pamd_mimic_system in pam eclass

auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so

auth            include         system-auth
account         include         system-auth
password        include         system-auth
session         include         system-auth

ÐÆ5ÏÐ 


-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] sudo requires password twice

[Daevid Vincent]

Just a little more info on this. I noticed on my server which I've not done
the pam/shadow update emerge yet, this same anomolie occurs... Any ideas on
why? 

> -----Original Message-----
> From: Daevid Vincent [mailto:daevid@daevid.com] 
> Sent: Friday, June 09, 2006 2:46 PM
> To: gentoo-user@lists.gentoo.org
> Subject: [gentoo-user] sudo requires password twice
> 
> I recently did an update world and had that 'pam'/'shadow' issue. 
> Followed these pages:
> http://planet.gentoo.org/developers/flameeyes/2006/03/19/the_s
> hadow_and_pam_
> login_conflict
> http://www.mail-archive.com/gentoo-user@lists.gentoo.org/msg35692.html
> 
> Everything seems fine. 
> I've rebooted many times since. 
> I can login from ssh or console. 
> 
> One odd behaviour:
> 
> daevid@locutus ~ $ sudo ifconfig
> Password:
> Password:
> eth0      Link encap:Ethernet  HWaddr 00:08:74:E0:5C:3B  
>           inet addr:172.16.35.234  Bcast:172.16.63.255  
> Mask:255.255.224.0
> 	    ...
> 
> Whenever I first type 'sudo' I am prompted twice?! Then of course sudo
> remembers me for 5 minutes or whatever the timeout is, so 
> subsequent 'sudo'
> calls are not prompted.
> 
> I don't know if this is relevant, but perhaps it has to do 
> with the pam
> thing above?
> 
> locutus ~ # cat /etc/pam.d/sudo
> # File autogenerated by pamd_mimic_system in pam eclass
> 
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> 
> auth            include         system-auth
> account         include         system-auth
> password        include         system-auth
> session         include         system-auth
> 
> ÐÆ5ÏÐ 
> 
> 
> -- 
> gentoo-user@gentoo.org mailing list
> 
> 


-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] sudo requires password twice

[Daevid Vincent]

I've not figured this out yet, so reposting in case someone has any ideas...

I did find this link:
http://www.mail-archive.com/openpkg-users@openpkg.org/msg01747.html

But I tried to add this:

	auth 	required 	try_first_pass

To my /etc/pam.d/sudo file and it didn't work.
Did I do that wrong?

This is my current file (default)

# File autogenerated by pamd_mimic_system in pam eclass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth            include         system-auth
account         include         system-auth
password        include         system-auth
session         include         system-auth

And I'm using app-admin/sudo 1.6.8_p9-r2 and sys-libs/pam 0.78-r5

DÆVID  

> -----Original Message-----
> From: Daevid Vincent [mailto:daevid@daevid.com] 
> Sent: Sunday, June 11, 2006 10:44 PM
> To: gentoo-user@lists.gentoo.org
> Subject: RE: [gentoo-user] sudo requires password twice
> 
> Just a little more info on this. I noticed on my server which 
> I've not done
> the pam/shadow update emerge yet, this same anomolie 
> occurs... Any ideas on
> why? 
> 
> > -----Original Message-----
> > From: Daevid Vincent [mailto:daevid@daevid.com] 
> > Sent: Friday, June 09, 2006 2:46 PM
> > To: gentoo-user@lists.gentoo.org
> > Subject: [gentoo-user] sudo requires password twice
> > 
> > I recently did an update world and had that 'pam'/'shadow' issue. 
> > Followed these pages:
> > http://planet.gentoo.org/developers/flameeyes/2006/03/19/the_s
> > hadow_and_pam_
> > login_conflict
> > 
> http://www.mail-archive.com/gentoo-user@lists.gentoo.org/msg35692.html
> > 
> > Everything seems fine. 
> > I've rebooted many times since. 
> > I can login from ssh or console. 
> > 
> > One odd behaviour:
> > 
> > daevid@locutus ~ $ sudo ifconfig
> > Password:
> > Password:
> > eth0      Link encap:Ethernet  HWaddr 00:08:74:E0:5C:3B  
> >           inet addr:172.16.35.234  Bcast:172.16.63.255  
> > Mask:255.255.224.0
> > 	    ...
> > 
> > Whenever I first type 'sudo' I am prompted twice?! Then of 
> course sudo
> > remembers me for 5 minutes or whatever the timeout is, so 
> > subsequent 'sudo'
> > calls are not prompted.
> > 
> > I don't know if this is relevant, but perhaps it has to do 
> > with the pam
> > thing above?
> > 
> > locutus ~ # cat /etc/pam.d/sudo
> > # File autogenerated by pamd_mimic_system in pam eclass
> > 
> > auth       required     /lib/security/pam_stack.so 
> service=system-auth
> > auth       required     /lib/security/pam_nologin.so
> > 
> > auth            include         system-auth
> > account         include         system-auth
> > password        include         system-auth
> > session         include         system-auth
> > 
> > ÐÆ5ÏÐ 
> > 
> > 
> > -- 
> > gentoo-user@gentoo.org mailing list
> > 
> > 
> 
> 
> -- 
> gentoo-user@gentoo.org mailing list
> 
> 


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] sudo requires password twice

[Boyd Stephen Smith Jr.]

[-- Attachment #1: Type: text/plain, Size: 1185 bytes --]

On Thursday 05 October 2006 16:36, "Daevid Vincent" <daevid@daevid.com> 
wrote about 'RE: [gentoo-user] sudo requires password twice':
> I've not figured this out yet, so reposting in case someone has any
> ideas...

Hrm, I either never got the original (not surprising) of I was just 
skimming my mail to quickly and missed your question (even less 
surprising).

> auth       required     /lib/security/pam_stack.so service=system-auth

This line...

> auth            include         system-auth

and this one are redundant.  They both run through the system-auth chain as 
part of authentication.  In effect you are telling PAM that any sudo 
authentication needs to do system authentication twice w/ whatever 
pam_nologin does in between.

You'll want to remove one or the other, after investigating any subtle 
differences between the two that I'm unaware of, which may or may not 
exist.  (I haven't messed with PAM in months.)

-- 
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

RE: [gentoo-user] sudo requires password twice

[Daevid Vincent]

Can someone paste/send me their (stock) "/etc/pam.d/sudo" file?

I don't do anything fancy and haven't purposefully edited this file, so I
just want whatever the standard (current) Gentoo version is. This double
prompting is very frustrating...

DÆVID  

> -----Original Message-----
> From: Boyd Stephen Smith Jr. [mailto:bss03@volumehost.net] 
> Sent: Thursday, October 05, 2006 5:46 PM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] sudo requires password twice
> 
> On Thursday 05 October 2006 16:36, "Daevid Vincent" 
> <daevid@daevid.com> 
> wrote about 'RE: [gentoo-user] sudo requires password twice':
> > I've not figured this out yet, so reposting in case someone has any
> > ideas...
> 
> Hrm, I either never got the original (not surprising) of I was just 
> skimming my mail to quickly and missed your question (even less 
> surprising).
> 
> > auth       required     /lib/security/pam_stack.so 
> service=system-auth
> 
> This line...
> 
> > auth            include         system-auth
> 
> and this one are redundant.  They both run through the 
> system-auth chain as 
> part of authentication.  In effect you are telling PAM that any sudo 
> authentication needs to do system authentication twice w/ whatever 
> pam_nologin does in between.
> 
> You'll want to remove one or the other, after investigating 
> any subtle 
> differences between the two that I'm unaware of, which may or may not 
> exist.  (I haven't messed with PAM in months.)


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] sudo requires password twice

[Boyd Stephen Smith Jr.]

[-- Attachment #1: Type: text/plain, Size: 457 bytes --]

On Tuesday 07 November 2006 20:39, "Daevid Vincent" <daevid@daevid.com> 
wrote about 'RE: [gentoo-user] sudo requires password twice':
> Can someone paste/send me their (stock) "/etc/pam.d/sudo" file?

Sent via private mail.

-- 
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]