Since two days, sudo doesn't work for me anymore. When I do
Sorry, try again. Sorry, try again. Sorry, try again. sudo: 3 incorrect password attempts
I updated my server two days ago, but I cannot say whether it's related to my problem.
Here's the result of doing
as root (su works):
Oct 13 12:35:33 : kalasusi : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/etc; USER=root ; COMMAND=/bin/ls
Here's the result of doing
as root (the last new lines after trying sudo again with my normal user):
Oct 13 14:52:59 myserver sudo: pam_unix(sudo:auth): authentication failure; logname=kalasusi uid=0 euid=0 tty=/dev/pts/1 ruser=kalasusi rhost= user=kalasusi Oct 13 14:53:05 myserver sudo: kalasusi : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/kalasusi ; USER=root ; COMMAND=/bin/ls
For some background info, the sudo troubleshooting guide identifies such a problem (the third Q&A):
Q) Sudo never gives me a chance to enter a password using PAM, it just
says 'Sorry, try again.' three times and exits.
A) You didn't setup PAM to work with sudo. On Redhat Linux or Fedora
Core this generally means installing sample.pam as /etc/pam.d/sudo.
See the sample.pam file for hints on what to use for other Linux
The only problem is that I didn't change anything from the Arch stock configuration of /etc/pam.d/sudo, and it used to work. Here's the result of
on my system:
#%PAM-1.0 auth required pam_unix.so auth required pam_nologin.so
Something else that comes into my mind that might be connected with the problem is that at some point while doing maintenance on the server, I received the following error:
Authentication token manipulation error.
Unfortunately I don't remember in what context it was or whether the problem started afterwards. I believe though the problem is either that or the update, because those are the two extraordinary things that happened on the server since the problem started.
Anyone have any ideas? Thanks in advance!
Last edited by kalasusi (2010-10-13 23:20:14)
What packages were updated? Have you properly merged .pacnew files?
[2010-10-11 22:08] Running 'pacman -Syu' [2010-10-11 22:08] synchronizing package lists [2010-10-11 22:10] starting full system upgrade [2010-10-11 22:12] Generating locales... [2010-10-11 22:12] en_US.UTF-8... done [2010-10-11 22:12] en_US.ISO-8859-1... done [2010-10-11 22:12] Generation complete. [2010-10-11 22:12] upgraded glibc (2.12.1-1 -> 2.12.1-2) [2010-10-11 22:12] upgraded binutils (2.20.1-3 -> 2.20.1-4) [2010-10-11 22:12] upgraded libmysqlclient (5.1.50-1 -> 5.1.51-1) [2010-10-11 22:12] upgraded logrotate (3.7.8-1 -> 3.7.9-1) [2010-10-11 22:12] upgraded mysql-clients (5.1.50-1 -> 5.1.51-1) [2010-10-11 22:13] upgraded mysql (5.1.50-1 -> 5.1.51-1) [2010-10-11 22:13] upgraded php (5.3.3-1 -> 5.3.3-2) [2010-10-11 22:13] upgraded php-cgi (5.3.3-1 -> 5.3.3-2) [2010-10-11 22:13] upgraded php-gd (5.3.3-1 -> 5.3.3-2) [2010-10-11 22:13] upgraded php-mcrypt (5.3.3-1 -> 5.3.3-2) [2010-10-11 14:19] Running 'pacman -S apache' [2010-10-11 14:21] installed apr (1.4.2-1) [2010-10-11 14:21] installed unixodbc (2.3.0-1) [2010-10-11 14:21] installed apr-util (1.3.10-1) [2010-10-11 14:21] installed apache (2.2.16-1) [2010-10-11 14:28] Running 'pacman -S php-apache' [2010-10-11 14:28] installed php-apache (5.3.3-2) [2010-10-12 19:46] Running 'pacman -Rns php-apache' [2010-10-12 19:48] removed php-apache (5.3.3-2) [2010-10-12 19:51] Running 'pacman -Rns apache' [2010-10-12 19:51] removed apache (2.2.16-1) [2010-10-12 19:51] removed apr-util (1.3.10-1) [2010-10-12 19:51] removed unixodbc (2.3.0-1) [2010-10-12 19:51] removed apr (1.4.2-1) [2010-10-12 19:52] Running 'pacman -S nginx' [2010-10-12 19:52] installed nginx (0.8.52-2) [2010-10-12 20:01] Running 'pacman -S php-fpm' [2010-10-12 20:01] installed libevent (1.4.14b-1) [2010-10-12 20:01] installed php-fpm (5.3.3-2) [2010-10-12 13:45] Running 'pacman -Rns nginx' [2010-10-12 13:45] removed nginx (0.8.52-2) [2010-10-12 13:46] Running 'pacman -Rns php-fpm' [2010-10-12 13:46] removed php-fpm (5.3.3-2) [2010-10-12 13:46] removed libevent (1.4.14b-1)
As you can see, I installed (and removed) apache and nginx, as I was testing their performance. I don't think it's related to this issue, but I'm adding this here for the sake of completeness.
Last edited by kalasusi (2010-10-13 23:26:13)
2.) Does it still refuse after changing the users password?
Sudo has had a few updates recently:
[stijn@hermes ~]$ grep sudo /var/log/pacman.log | tail -4 [2010-08-11 13:44] upgraded sudo (1.7.3-1 -> 1.7.4.p2-1) [2010-08-22 16:13] warning: /etc/sudoers installed as /etc/sudoers.pacnew [2010-08-22 16:13] upgraded sudo (1.7.4.p2-1 -> 1.7.4.p3-1) [2010-09-09 08:22] upgraded sudo (1.7.4.p3-1 -> 1.7.4.p4-1)
I strongly recommend you merge config files before you try to fix things, if it's not such a silly thing as a Caps Lock still being active.
Well, it can't be a Caps Lock problem, since I never get to enter my password.
I did change the user's password. I even made a new user just for the sake of checking -- it doesn't work.
I currently have no new config anymore to merge. My sudo wasn't recently updated -- this installation already came with the version 1.7.4.p4-1.
I really get the feeling something is wrong with pam... or with /etc/shadow. I did try to activate ssh login on the server (I use keys) to check if I can login normally with this user, and I can. Does anyone know of a good way to debug pam?
Last edited by kalasusi (2010-10-14 14:33:25)
I tried to activate it, but I can't find anywhere documentation how to use it properly to debug pam.