FS#67711 - [pam] pam 1.4 breaks sudo

Attached to Project: Arch Linux
Opened by Rowisi (Rowisi) - Monday, 24 August 2020, 23:36 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 11 September 2020, 14:08 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
Thanks to PAM 1.4 (best upgrade ever) Login is now locked after 3 wrong attempts and also sudo is locked after 3 wrong attempts. I have many computers to work with and I type wrong passwords daily so this has just wasted my time and complicated my work.

Steps to reproduce:

1- write 3 wrong passwords for sudo
2- enjoy your life without sudo (you'll have to reboot or wait for long time)
This task depends upon

Closed by  Doug Newgard (Scimmia)
Friday, 11 September 2020, 14:08 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#67644 
Comment by Henry Nelson (hcnelson99) - Saturday, 29 August 2020, 15:40 GMT
Duplicate of https://bugs.archlinux.org/task/67644

Workaround:
Clear lockout with faillock --user $USER --reset
set deny = 0 in /etc/security/faillock.conf to prevent the issue from happening again.

It would be great if deny = 0 were set by default. deny = 3 seems like a very poor default from upstream.
Comment by Rowisi (Rowisi) - Saturday, 05 September 2020, 03:58 GMT
@hcnelson99 this is not a duplicate. Sudo keeps asking for password even after account is locked, even if you write the correct password it keeps asking again and again without telling why.

at least it must give an output that the user is locked.

Loading...