Bug #1226
closedsu is asking superuser for password
0%
Description
Hi community,
After the last upgrade on Jan' 4th to:
dennis@dfly> uname -a
DragonFly dfly.melent.local 2.1.1-DEVELOPMENT DragonFly
2.1.1-DEVELOPMENT #1: Sun Jan 4 04:51:33 EET 2009
root@dfly.melent.local:/usr/obj/usr/src/sys/GENERIC i386
su started asking for a password while su'ing from root to less
privileged users.
Steps to reproduce:
1. login as regular user
2. dennis@dfly> sudo su -
Password:
3. root@dfly# su bind
Password: <just enter>
pam_unix: pam_sm_authenticate: UNIX authentication refused
su: Sorry
bind:*:53:53:Bind Sandbox:/:/sbin/nologin
This could be a sude-effect of Peter Avalos' recent commits (or
missing some of his latest commits)
PS. For the moment, system is upgraded one more time, to Jan'7th
state. Same results.
--
Dennis Melentyev
Updated by pavalos almost 16 years ago
Did you do a 'make upgrade'?
I'm guessing you don't have the pam configuration files in pam.d/, but
if you do, let us know.
--Peter
Updated by dennis.melentyev almost 16 years ago
Hi Peter,
I did make upgrade. But never touched /etc/pam.d content.
For now, it is:
dennis@dfly (xterm) > ll /etc/pam.d/
total 26rw-r--r- 1 root wheel 2901 Sep 24 23:47 READMErw-r--r- 1 root wheel 3274 Sep 24 23:47 convert.shrw-r--r- 1 root wheel 335 Sep 24 23:47 ftpdrw-r--r- 1 root wheel 302 Sep 24 23:47 gdmrw-r--r- 1 root wheel 165 Sep 24 23:47 imaprw-r--r- 1 root wheel 431 Sep 24 23:47 loginrw-r--r- 1 root wheel 214 Sep 24 23:47 otherrw-r--r- 1 root wheel 165 Sep 24 23:47 pop3rw-r--r- 1 root wheel 388 Sep 24 23:47 sshdrw-r--r- 1 root wheel 171 Sep 24 23:47 telnetdrw-r--r- 1 root wheel 300 Sep 24 23:47 xdm
Not sure it is Ok, since files are dated Sep 24.
PS. Just ran "make upgrade" one more time. No change.
Updated by pavalos almost 16 years ago
Ah, yes I see what's happening. We don't just blindly install the files
into that directory, since it could be locally modified. If you don't
have any local modifications in /etc/pam.d/ your best bet is to:
cd /usr/src/etc
make install
If you do have local mods, you can do the above, but you'll have to redo
those changes. Otherwise, your other option is to use mergemaster -s.
--Peter
Updated by corecode almost 16 years ago
You need /usr/src/etc/pam.d
cheers
simon
Updated by pavalos almost 16 years ago
Yeh, sorry about that:
cd /usr/src/etc/pam.d
make install
Updated by pavalos almost 16 years ago
How's this look?
------------
The PAM modules and some userland utilities were changed to become PAM-aware.
The configuration files in /etc/pam.d/ need to be updated for the change. If
there are no local modifications in /etc/pam.d/, the easiest thing to do is:
cd /usr/src/etc/pam.d
make install
The configuration files may also be updated with 'mergemaster s'.
-----------
--Peter
Updated by justin almost 16 years ago
On Sun, January 11, 2009 10:19 pm, Peter Avalos wrote:
This is great - if for no other reason than I know I'll upgrade
shiningsilence.com at some point and have totally forgotten about this.
Updated by dennis.melentyev almost 16 years ago
Thanks guys!
cd /usr/src/etc/pam.d && make install worked just perfectly for me.
I had no local modifications, so no reason to bother about merging.
Please, close this issue.
/dennis
Updated by dillon almost 16 years ago
:Peter Avalos <pavalos@theshell.com> added the comment:
:
:How's this look?
:
:------------
:The PAM modules and some userland utilities were changed to become PAM-awar=
:e=2E
:The configuration files in /etc/pam.d/ need to be updated for the change. =
:If
:there are no local modifications in /etc/pam.d/, the easiest thing to do is:
:
: cd /usr/src/etc/pam.d
: make install
:
:The configuration files may also be updated with 'mergemaster s'.
:-----------
:
:--Peter
Ick. make upgrade should either do the required work or it should
work the user at the end that work needs to be done. That's the
whole point of having a make upgrade.
-Matt
Updated by pavalos almost 16 years ago
8424467a03e42b42f2e4fb15bdc8cccb301aa1da should fix this.