Date: Fri, 28 May 2021 14:26:02 +0200 From: Peter Eriksson <pen@lysator.liu.se> To: freebsd-current <freebsd-current@freebsd.org> Subject: pam_radius fails after the latest libradius security patch... Message-ID: <E48D0DCD-1B3F-4B9C-95A4-77FE1E8AE8B3@lysator.liu.se>
next in thread | raw e-mail | index | archive | help
After upgrading FreeBSD 12.2 in order to get the fix from 'FreeBSD Security Advisory FreeBSD-SA-21:12.libradius’ sudo with pam_radius has started to fail for us. It correctly seems to communicate with the RADIUS server (used to trigger MFA authentication, so I get an authentication popup in the Microsoft Authenticar App) after entering the unix password first, but then something fails: % sudo su Password: sudo: PAM authentication error: Error in service module sudo: a password is required pam.d/sudo config file: # auth auth requisite pam_unix.so no_warn try_first_pass auth requisite pam_radius.so use_first_pass # account account include system # session session required pam_permit.so # password password include system Dunno if the problem is in sudo, libpam, libradius or pam_radius but the only thing changed is libradius. And if I replace libradius.so.4 with the previous version things work again... (Considering the spagetti code that sudo is I wouldn’t be surprised if the bug is there but still…) Am I the only one seeing this? - Peter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E48D0DCD-1B3F-4B9C-95A4-77FE1E8AE8B3>