FS#17519 - [sudo] does not ask for fingerprint with pam_fprint
Attached to Project:
Arch Linux
Opened by Eric Siegel (nticompass) - Tuesday, 15 December 2009, 17:43 GMT
Last edited by Allan McRae (Allan) - Wednesday, 23 June 2010, 07:21 GMT
Opened by Eric Siegel (nticompass) - Tuesday, 15 December 2009, 17:43 GMT
Last edited by Allan McRae (Allan) - Wednesday, 23 June 2010, 07:21 GMT
|
Details
Description:
I have "auth sufficient pam_fprint.so" at the top of my /etc/pam.d/sudo file. It is supposed to ask me to swipe my finger when I run sudo, and ask for a password if the swipe failed. This works fine in sudo 1.7.2p1-1, but in sudo 1.7.2p2-1 it just asks for a password, it does not ask me to swipe my finger. Additional info: * package version(s) core/sudo 1.7.2p2-1 extra/libfprint 0.0.6-3 extra/fprint_demo 0.4-2 * config and/or log files etc. /etc/pam.d/sudo #%PAM-1.0 auth sufficient pam_fprint.so auth required pam_unix.so auth required pam_nologin.so Steps to reproduce: 1. Install libfprint 2. Install sudo 3. Add "auth sufficient pam_fprint.so" to /etc/pam.d/sudo 4. Run sudo -s |
This task depends upon
Closed by Allan McRae (Allan)
Wednesday, 23 June 2010, 07:21 GMT
Reason for closing: Fixed
Additional comments about closing: sudo-1.7.2p7-2 in [testing]
Wednesday, 23 June 2010, 07:21 GMT
Reason for closing: Fixed
Additional comments about closing: sudo-1.7.2p7-2 in [testing]
* package versions:
libfprint 0.0.6-3
pam_fprint 0.2-1
sudo 1.7.2p2-1
* /etc/pam.d/sudo
#%PAM-1.0
auth sufficient pam_fprint.so
auth required pam_unix.so try_first_pass likeauth nullok
auth required pam_nologin.so
Other services configured to use pam_fprint (e.g: su) are asking for the swipe.
When authenticating via PAM, set PAM_RUSER and PAM_RHOST early so they can be used during authentication.
Maybe related?
Anyway, looks like an upstream issue as a Fedora user has noticed it [1], so please file a bug upstream (http://www.sudo.ws/bugs/) and give a link here.
[1] http://forums.fedoraforum.org/showthread.php?p=1320770#post1320770
The patch is here: http://www.gratisoft.us/bugzilla/attachment.cgi?id=277