Peter Eriksson
2021-05-28 12:26:02 UTC
After upgrading FreeBSD 12.2 in order to get the fix from 'FreeBSD Security Advisory FreeBSD-SA-21:12.libradius', sudo with pam_radius has started to fail for us. It correctly seems to communicate with the RADIUS server (used to trigger MFA authentication, so I get an authentication popup in the Microsoft Authenticator App) after entering the unix password first, but then something fails:
% sudo su
Password:
sudo: PAM authentication error: Error in service module
sudo: a password is required
pam.d/sudo config file:
# auth
auth requisite pam_unix.so no_warn try_first_pass
auth requisite pam_radius.so use_first_pass
# account
account include system
# session
session required pam_permit.so
# password
password include system
Dunno if the problem is in sudo, libpam, libradius or pam_radius but the only thing changed is libradius. And if I replace libradius.so.4 with the previous version things work again...
(Considering the spaghetti code that sudo is I wouldn't be surprised if the bug is there but still…)
Am I the only one seeing this?
- Peter