On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
> On 11/23/07, Christopher Cowart <[EMAIL PROTECTED]> wrote:
> > On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
> > > For some reason, on this particular FreeBSD machine, sudo never asks
> > > me for a password, even if I haven't logged in for days.
> > >
> > > I've been struggling with this problem for some time but still haven't
> > > been able to find a solution. Any ideas?
> >
> > Maybe something is misconfigured in your pam stack? Check
> > /etc/pam.d/sudo.
>
> /etc/pam.d/sudo looks like this:
>
> #
> # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
> #
> # PAM configuration for the "su" service
> #
>
> # auth
> auth sufficient pam_rootok.so no_warn
> auth sufficient pam_self.so no_warn
> auth requisite pam_group.so no_warn
> group=wheel root_only fail_safe
> auth include system
>
> # account
> account include system
>
> # session
> session required pam_permit.so

This looks like it was copied verbatim from su. I suspect the
pam_self.so is causing problems. Sudo authenticates the user for their
current account, not the target account. That line will cause
authentication to short-circuit on a UID match w/o any need to provide
a password. Try commenting it out.

--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
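
Added example, not part of the original message and not code from sudo or PAM: a simplified Python model of the auth chain quoted above, showing why the `pam_self.so` line is harmless under su but skips the password under sudo. The module outcomes, the uids, and the assumption that the included `system` chain is what prompts for a password are simplifications made for this illustration.

```python
# Added example: simplified model of how a PAM "auth" chain is walked.
# Module behaviour is an assumption reduced to what this thread discusses.

SU_COPY = """
auth sufficient pam_rootok.so no_warn
auth sufficient pam_self.so no_warn
auth requisite pam_group.so no_warn group=wheel root_only fail_safe
auth include system
"""
# The suggested fix: comment out the pam_self.so line.
FIXED = SU_COPY.replace("auth sufficient pam_self.so", "#auth sufficient pam_self.so")

def parse_auth(text):
    """Return [(control, module)] for the active auth lines."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            rules.append((fields[1], fields[2]))
    return rules

def run_module(module, caller_uid, account_uid):
    """Modelled outcome: 'ok', 'fail', 'ignore' or 'password'."""
    if module == "pam_rootok.so":
        return "ok" if caller_uid == 0 else "fail"
    if module == "pam_self.so":  # without allow_root a uid 0 caller fails
        return "ok" if caller_uid == account_uid and caller_uid != 0 else "fail"
    if module == "pam_group.so":  # assumed: root_only skips non-root accounts,
        return "ignore" if account_uid != 0 else "fail"  # caller not in wheel
    return "password"  # assumed: the included "system" chain prompts

def authenticate(text, caller_uid, account_uid):
    """Return (decision, name of the module that decided it)."""
    failed = False
    for control, module in parse_auth(text):
        result = run_module(module, caller_uid, account_uid)
        if result == "password":
            return ("password prompt", module)
        if result == "ok" and control == "sufficient" and not failed:
            return ("granted without password", module)
        if result == "fail" and control == "requisite":
            return ("denied", module)
        if result == "fail" and control == "required":
            failed = True
    return ("denied", None)

# sudo authenticates the caller's own account, so account_uid == caller_uid.
print(authenticate(SU_COPY, 1001, 1001))   # sudo with the su-derived file
print(authenticate(SU_COPY, 1001, 1002))   # su to a different user
print(authenticate(FIXED, 1001, 1001))     # sudo after commenting out pam_self
```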