Skip to content

sudo -n incorrectly ask for a password when using pam #83

New issue
New issue
Closed
Closed
sudo -n incorrectly ask for a password when using pam#83
@deadalnix

Description

@deadalnix
deadalnix
opened on Jan 27, 2021

Hi all,

First and foremost, apologies if this bug is known or if I missed a workaround. If so, just send me there, thanks in advance.

I'm trying to use pam ssh agent auth to allow users to be able to sudo without a password, granted they are using the proper identity. While this seems to be working in interactive mode, non interactive mode keep asking for a password when none is needed.

$ sudo -V
Sudo version 1.8.27
Sudoers policy plugin version 1.8.27
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.27
$ sudo -k whoami
root
$ sudo -nk whoami
sudo: a password is required

Unless I am missing something, this seems like a bug. Clearly, a password is NOT required, unless I somehow fubared the config - which is absolutely possible.

pam ssh agent is setup as the first item in /etc/pam.d/sudo:

auth sufficient pam_ssh_agent_auth.so file=/path/to/authorized/pubkeys

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions