pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

MickeyRat · 2026-06-10 11:30:27

I must admit that I only check my system journal occasionally but, today when I did I saw the following errors I haven't seen bofore..

Jun 10 06:53:43 groucho sudo[2346]: pam_unix(sudo:auth): conversation failed
Jun 10 06:53:43 groucho sudo[2346]: pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

I did a bit of searching and this seems to be related to PAM and would affect sudo but, I'm not seeing any unusual behavior with sudo. It's asking me for my password and granting me permissions just fine. I know nothing about PAM.

I do have an sudoers drop-in configuration file to override some of the default sudoer configurations that may be this cause of this.

/etc/sudoers.d/10_sudoers

# 
# Stop password prompt from timing out
#
Defaults passwd_timeout=0
#
## Allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL

As I said, thare doesn't actually appear to be any problem. Can I safely ignore this error?

seth · 2026-06-10 15:10:35

Context?
When does this happen and how often?
What is the sudo command causing this?
Does the user "xxxxxx" actually exist?
Do you use systemd-homed?

MickeyRat · 2026-06-10 20:56:54

Thanks for the reply.

It happens on boot. I haven't seen it any other time.

The sudo command acts as expected. I only mentioned it because when I searched for this error, the only mention I found said sudo would be affected.

I substituted xxxxxx for my username but, the user in the message does exist.

I'm not using systemd-homed but, after looking at it, I may start to sometime.

seth · 2026-06-10 21:19:43

Why is a sudo command being executed during the boot?
How can it act "as expected" if pam_unix fails?

MickeyRat · 2026-06-11 03:57:04

As far as I know sudo isn't being executed at boot. It's possible that this is happening when i log in. I am running syncthing as a user service that fires up when I log in.. I don't see why that would execute an sudo though. I haven't seen this error being caused by sudo from the terminal. I only mentioned sudo because that's what I found when I searched for the error. As far as sudo and PAM go, I don't know a lot about PAM. I can't even say for certain that it is failing. All I know is that I'm seeing those messages in my journal. I'm not seeing anything wrong anywhere else. I would like to know how to get rid of those messages or failing that, to know that they can be safely ignored.

seth · 2026-06-11 07:04:11

The sudo command is supposed to be audited - it logs to the journal what is being sudo'd there
If you need a more informed comment, please post the system journal.

dimich · 2026-06-11 07:19:58

Usually this message appears when sudo run from a process without controlling terminal (systemd service etc) or interrupted / timed out while waiting for password.

seth wrote:

it logs to the journal what is being sudo'd there

Only after successfull authentication. No command printed on failure.
Audit framework may help to identify where sudo run from.

Arch Linux

#1 2026-06-10 11:30:27

pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

#2 2026-06-10 15:10:35

Re: pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

#3 2026-06-10 20:56:54

Re: pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

#4 2026-06-10 21:19:43

Re: pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

#5 2026-06-11 03:57:04

Re: pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

#6 2026-06-11 07:04:11

Re: pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

#7 2026-06-11 07:19:58

Re: pam_unix(sudo:auth): auth could not identify password for [xxxxxx]

Board footer