Arch Linux

kalasusi

Member

Registered: 2010-10-13

Posts: 4

sudo doesn't work anymore, not permitting me to enter password

Since two days, sudo doesn't work for me anymore. When I do

sudo any_command

I get:

Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

I updated my server two days ago, but I cannot say whether it's related to my problem.

Here's the result of doing

tail /var/log/sudolog

as root (su works):

Oct 13 12:35:33 : kalasusi : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/etc; USER=root ; COMMAND=/bin/ls

Here's the result of doing

tail /var/log/auth.log

as root (the last new lines after trying sudo again with my normal user):

Oct 13 14:52:59 myserver sudo: pam_unix(sudo:auth): authentication failure; logname=kalasusi uid=0 euid=0 tty=/dev/pts/1 ruser=kalasusi rhost=  user=kalasusi
Oct 13 14:53:05 myserver sudo:  kalasusi : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/kalasusi ; USER=root ; COMMAND=/bin/ls

For some background info, the sudo troubleshooting guide identifies such a problem (the third Q&A):

Q) Sudo never gives me a chance to enter a password using PAM, it just
   says 'Sorry, try again.' three times and exits.
A) You didn't setup PAM to work with sudo.  On Redhat Linux or Fedora
   Core this generally means installing sample.pam as /etc/pam.d/sudo.
   See the sample.pam file for hints on what to use for other Linux
   systems.

The only problem is that I didn't change anything from the Arch stock configuration of /etc/pam.d/sudo, and it used to work. Here's the result of

cat /etc/pam.d/sudo

on my system:

#%PAM-1.0
auth        required    pam_unix.so
auth        required    pam_nologin.so

Something else that comes into my mind that might be connected with the problem is that at some point while doing maintenance on the server, I received the following error:

Authentication token manipulation error.

Unfortunately I don't remember in what context it was or whether the problem started afterwards. I believe though the problem is either that or the update, because those are the two extraordinary things that happened on the server since the problem started.

Anyone have any ideas? Thanks in advance!

Last edited by kalasusi (2010-10-13 23:20:14)

karol

Archivist

Registered: 2009-05-06

Posts: 25,440

Re: sudo doesn't work anymore, not permitting me to enter password

What packages were updated? Have you properly merged .pacnew files?

kalasusi

Member

Registered: 2010-10-13

Posts: 4

Re: sudo doesn't work anymore, not permitting me to enter password

[2010-10-11 22:08] Running 'pacman -Syu'
[2010-10-11 22:08] synchronizing package lists
[2010-10-11 22:10] starting full system upgrade
[2010-10-11 22:12] Generating locales...
[2010-10-11 22:12]   en_US.UTF-8... done
[2010-10-11 22:12]   en_US.ISO-8859-1... done
[2010-10-11 22:12] Generation complete.
[2010-10-11 22:12] upgraded glibc (2.12.1-1 -> 2.12.1-2)
[2010-10-11 22:12] upgraded binutils (2.20.1-3 -> 2.20.1-4)
[2010-10-11 22:12] upgraded libmysqlclient (5.1.50-1 -> 5.1.51-1)
[2010-10-11 22:12] upgraded logrotate (3.7.8-1 -> 3.7.9-1)
[2010-10-11 22:12] upgraded mysql-clients (5.1.50-1 -> 5.1.51-1)
[2010-10-11 22:13] upgraded mysql (5.1.50-1 -> 5.1.51-1)
[2010-10-11 22:13] upgraded php (5.3.3-1 -> 5.3.3-2)
[2010-10-11 22:13] upgraded php-cgi (5.3.3-1 -> 5.3.3-2)
[2010-10-11 22:13] upgraded php-gd (5.3.3-1 -> 5.3.3-2)
[2010-10-11 22:13] upgraded php-mcrypt (5.3.3-1 -> 5.3.3-2)
[2010-10-11 14:19] Running 'pacman -S apache'
[2010-10-11 14:21] installed apr (1.4.2-1)
[2010-10-11 14:21] installed unixodbc (2.3.0-1)
[2010-10-11 14:21] installed apr-util (1.3.10-1)
[2010-10-11 14:21] installed apache (2.2.16-1)
[2010-10-11 14:28] Running 'pacman -S php-apache'
[2010-10-11 14:28] installed php-apache (5.3.3-2)
[2010-10-12 19:46] Running 'pacman -Rns php-apache'
[2010-10-12 19:48] removed php-apache (5.3.3-2)
[2010-10-12 19:51] Running 'pacman -Rns apache'
[2010-10-12 19:51] removed apache (2.2.16-1)
[2010-10-12 19:51] removed apr-util (1.3.10-1)
[2010-10-12 19:51] removed unixodbc (2.3.0-1)
[2010-10-12 19:51] removed apr (1.4.2-1)
[2010-10-12 19:52] Running 'pacman -S nginx'
[2010-10-12 19:52] installed nginx (0.8.52-2)
[2010-10-12 20:01] Running 'pacman -S php-fpm'
[2010-10-12 20:01] installed libevent (1.4.14b-1)
[2010-10-12 20:01] installed php-fpm (5.3.3-2)
[2010-10-12 13:45] Running 'pacman -Rns nginx'
[2010-10-12 13:45] removed nginx (0.8.52-2)
[2010-10-12 13:46] Running 'pacman -Rns php-fpm'
[2010-10-12 13:46] removed php-fpm (5.3.3-2)
[2010-10-12 13:46] removed libevent (1.4.14b-1)

As you can see, I installed (and removed) apache and nginx, as I was testing their performance. I don't think it's related to this issue, but I'm adding this here for the sake of completeness.

Last edited by kalasusi (2010-10-13 23:26:13)

linux-ka

Member

From: ADL

Registered: 2010-05-07

Posts: 232

Re: sudo doesn't work anymore, not permitting me to enter password

1.) Caps-lock?
2.) Does it still refuse after changing the users password?

.:B:.

Forum Fellow

Registered: 2006-11-26

Posts: 5,819

Website

Re: sudo doesn't work anymore, not permitting me to enter password

Sudo has had a few updates recently:

[stijn@hermes ~]$ grep sudo /var/log/pacman.log | tail -4
[2010-08-11 13:44] upgraded sudo (1.7.3-1 -> 1.7.4.p2-1)
[2010-08-22 16:13] warning: /etc/sudoers installed as /etc/sudoers.pacnew
[2010-08-22 16:13] upgraded sudo (1.7.4.p2-1 -> 1.7.4.p3-1)
[2010-09-09 08:22] upgraded sudo (1.7.4.p3-1 -> 1.7.4.p4-1)

I strongly recommend you merge config files before you try to fix things, if it's not such a silly thing as a Caps Lock still being active.

---

Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

kalasusi

Member

Registered: 2010-10-13

Posts: 4

Re: sudo doesn't work anymore, not permitting me to enter password

Well, it can't be a Caps Lock problem, since I never get to enter my password.

I did change the user's password. I even made a new user just for the sake of checking -- it doesn't work.

I currently have no new config anymore to merge. My sudo wasn't recently updated -- this installation already came with the version 1.7.4.p4-1.

I really get the feeling something is wrong with pam... or with /etc/shadow. I did try to activate ssh login on the server (I use keys) to check if I can login normally with this user, and I can. Does anyone know of a good way to debug pam?

Last edited by kalasusi (2010-10-14 14:33:25)

.:B:.

Forum Fellow

Registered: 2006-11-26

Posts: 5,819

Website

Re: sudo doesn't work anymore, not permitting me to enter password

Try including the pam_debug module in /etc/pam.d/sudo.

---

Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

kalasusi

Member

Registered: 2010-10-13

Posts: 4

Re: sudo doesn't work anymore, not permitting me to enter password

I tried to activate it, but I can't find anywhere documentation how to use it properly to debug pam.

Ideas, anyone?