Date: Fri, 28 May 2021 14:26:02 +0200 From: Peter Eriksson <pen@lysator.liu.se> To: freebsd-current <freebsd-current@freebsd.org> Subject: pam_radius fails after the latest libradius security patch... Message-ID: <E48D0DCD-1B3F-4B9C-95A4-77FE1E8AE8B3@lysator.liu.se>
next in thread | raw e-mail | index | archive | help
--Apple-Mail=_E681EBCC-535B-4802-8E49-2746D6F3B42A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 After upgrading FreeBSD 12.2 in order to get the fix from 'FreeBSD = Security Advisory FreeBSD-SA-21:12.libradius=E2=80=99 sudo with = pam_radius has started to fail for us. It correctly seems to communicate = with the RADIUS server (used to trigger MFA authentication, so I get an = authentication popup in the Microsoft Authenticar App) after entering = the unix password first, but then something fails: % sudo su Password: sudo: PAM authentication error: Error in service module sudo: a password is required pam.d/sudo config file: # auth auth requisite pam_unix.so no_warn = try_first_pass auth requisite pam_radius.so use_first_pass # account account include system # session session required pam_permit.so # password password include system Dunno if the problem is in sudo, libpam, libradius or pam_radius but the = only thing changed is libradius. And if I replace libradius.so.4 with = the previous version things work again... (Considering the spagetti code that sudo is I wouldn=E2=80=99t be = surprised if the bug is there but still=E2=80=A6) Am I the only one seeing this? - Peter --Apple-Mail=_E681EBCC-535B-4802-8E49-2746D6F3B42A--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E48D0DCD-1B3F-4B9C-95A4-77FE1E8AE8B3>