Forgot your password?
Close
typodupeerror
Red Hat Software

Journal cyranoVR's Journal: Riddle Me This... 18

Journal by cyranoVR

From the sudo troubleshooting FAQ

Q) When sudo asks me for my password it never accepts what I enter even though I know I entered my password correctly.
A) If your system uses shadow passwords, it is possible that sudo didn't detect this. Take a look at the generated config.h file and verify that the C function used for shadow password lookups was detected. For instance, for SVR4-style shadow passwords, HAVE_GETSPNAM should be defined (you can search for the string "shadow passwords" in config.h with your editor). Note that there is no define for 4.4BSD-based shadow passwords since that just uses the standard getpw* routines.

Why oh why would RedHat ship a version of sudo that doesn't work with Shadow Passwords out-of-the-box, and then enable shadow passwords on their default install.

On one hand I'm learning all sorts of wonderful things about linux security. On the other hand WTF.

Maybe the answer is on my RedHat install cd (i.e. I just have to select the sudo.shadow rpm), but I will have to wait until I get home to find out(dammit).

Maybe I shouldn't bother with sudo since I am the only one doing admin stuff on my machine and get back to more important topics (like Java Swing UI programming).

This discussion has been archived. No new comments can be posted.

Riddle Me This... More

Riddle Me This...

Comments Filter:

  • sudo is actually pretty dangerous (Score:3, Informative)

    by FortKnox ( 169099 ) on Tuesday March 16, 2004 @12:22PM (#8578901) Homepage Journal
    sudo into vi, drop to shell within vi and you are now root.

    Its something I try to keep away from users.
  • Why not use SWT [eclipse.org]?
    • Because I already know a lot about swing and it is a standard part of the java 2 runtime pluggin (this is going to be a web-based applet).

      SWT would require me to distribute extra class libaries along with whatever code I am already deploying. Ugh.

      I'm not close-minded to it. Maybe I'll take a look after I use swing for a while.

      Also, I took a look at JGoodies and arrived at the same conclusion - first I have to learn more about Swing.
      • Another question...the applet you're writing, can it be done simply with HTML or is it fairly dynamic/interactive? If you can envision a GUI in HTML, you could use Tomcat w/ Java servlets which are VERY cool and make it an html based application! :) If you're doing something graphical like, say...graphs, then maybe the applet is the way.

        Applets can sometimes be a pain to use, but are probably required in some circumstance, but if it can be done in HTML, IMO, it *should* be done in HTML.
        • He wants a slick gui, I give him a slick gui.

          What's that you say? Swing is too slow? Well, for impatient sorts like yourself, there will be a traditional HTML interface (sorta like there are both java editors and a html form-based editors for most free email web sites).
          • Let me clarify, I'm not anti-Swing or impatient, but I've gotten the impression that most people are impatient and don't like dealing with Applets (they actually do tend to lock up/slow down your machine sometimes though). That's where I got that rule of thumb.

            More power to ya! :) Good going. Keep...erm...swinging! ;)

  • Why oh why would RedHat ship a version of sudo that doesn't work with Shadow Passwords out-of-the-box, and then enable shadow passwords on their default install.

    I'm pretty sure that's never happened. I know I use sudo a lot on all my boxes, including the few FC1. Although I am currently using it with "foo ALL=(ALL) NOPASSWD: ALL" so I don't need a password. Have you tried looking in /var/log/secure and /var/log/messages to see if that gives any clues?

    • So I just need to configure my /etc/sudoers file properly?

      Riddle solved(? | !)
    • lthough I am currently using it with "foo ALL=(ALL) NOPASSWD: ALL" so I don't need a password.

      Well, that worked! However, I am still concerned about the password feature not working...I suspect it is a shadow passwords issue, as adding the line

      foo ALL=(ALL) ALL

      still resulted in the 3 erroneous "Incorrect Password" messages.

      Ah well...
  • I can't speak to why RH sucks re: sudo. All I know is that I feel a lot better that I have an ability to be root only 1 command at a time. I actually set it so that the user is immediately timed out ie one has to enter password every time. Also, re: the responder any sudo's supposed security flaw, I think this is handled in the sudoers file (or whatever). I allow myself all root capability in there, but I restrict all my other users to things like reboot and halt. The last thing I want is for some mani

Slashdot Top Deals

Air pollution is really making us pay through the nose.

Close