HPE Community
Operating System - HP-UX
1820475 Members
3005 Online
109624 Solutions
New Discussion юеВ

shadow and sudo (passwd authentication)

 
Sunny Jaisinghani
Trusted Contributor

тАО02-10-2009 03:05 AM

тАО02-10-2009 03:05 AM

shadow and sudo (passwd authentication)

Hello All,

I have installed shadow software on my 11.11 box

# PHCO_27035 1.0 shadow.h cumulative patch
# ShadowPW B.11.11.03 HP-UX 11.11 Shadow Password Enablement Product
ShadowPW.SHADOW B.11.11.03 Shadow Password Enablement
ShadowPW.SHADOW-MAN B.11.11.03 Shadow Password Enablement Man Pages


The sudo version installed on this server is

Sudo version 1.6.3p7
Authentication methods: 'passwd' 'secureware'

When i do sudo su - my password does not accepted. It says wrong password. However; my passowrd works during login

So my doubt is

Do shadow and sudo(passwd authentication) work together?

Or i will have to change the authentication to PAM

Thanks
Sunny
0 Kudos
Reply
8 REPLIES 8
Steven E. Protter
Exalted Contributor

тАО02-10-2009 03:10 AM

тАО02-10-2009 03:10 AM

Re: shadow and sudo (passwd authentication)

Shalom,

sudo is fully compatible with shadow password authentication.

I have used it on Linux and HP-UX shadowed systems.

I would have shadow installed and working prior to installing sudo, but that is probably not strictly necessary.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sunny Jaisinghani
Trusted Contributor

тАО02-10-2009 03:15 AM

тАО02-10-2009 03:15 AM

Re: shadow and sudo (passwd authentication)

sudo with passwd authentication was working fine before we had installed shadow.

After installing shadow; sudo without passwd authentication works fine but not with passwd authentication

Can you suggest any action

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО02-10-2009 04:22 AM

тАО02-10-2009 04:22 AM

Re: shadow and sudo (passwd authentication)

Do you have any passwords that have more than 8 chars? Without trusted/shadow, any beyond 8 were ignored.
0 Kudos
Reply
Sunny Jaisinghani
Trusted Contributor

тАО02-10-2009 04:24 AM

тАО02-10-2009 04:24 AM

Re: shadow and sudo (passwd authentication)

No.
The password i am using is exactly 8 characters long.

It has only 1 special character "_"

0 Kudos
Reply
Doug O'Leary
Honored Contributor

тАО02-10-2009 04:56 AM

тАО02-10-2009 04:56 AM

Re: shadow and sudo (passwd authentication)

Hey;

grep log /opt/sudo/etc/sudoers

If you don't have a log file entry in sudoers, put one in. Then, try the password authentication again and examine the sudo log.

I would have guessed that you have a @ in your password; however, your last entry says you don't.

Make sure you type your password cleanly - no backspaces, etc. Perhaps your term isn't set up quite correctly such that instead of

abc123

you're actually typing

adj^H^Hbc123

To answer your original question, though, shadow passwords and sudo are fully compatible. We use them across our environment to good effect.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
Sunny Jaisinghani
Trusted Contributor

тАО02-10-2009 05:06 AM

тАО02-10-2009 05:06 AM

Re: shadow and sudo (passwd authentication)

The TERM is set to xterm

# echo $TERM
xterm

I am entering the password correctly.
Other users are also facing same problem with their passwords

There is no entry for log file in /etc/sudoers

However the sudo messages are logging in syslog.log

Feb 10 01:40:48 servername sudo: username : 2 incorrect password attempts ; TTY=pts/5 ; PWD=/home/username ; USER=root ; COMMAND=/usr/bin/su -
Feb 10 01:52:18 servername sudo: user : 1 incorrect password attempt ; TTY=pts/6 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/su -


0 Kudos
Reply
S. Ney
Trusted Contributor

тАО03-12-2009 06:57 AM

тАО03-12-2009 06:57 AM

Re: shadow and sudo (passwd authentication)

Can you try connecting through a non Xterm application, like putty? Check to see if .Xauthority exists in your root and user home directories. I've found that there are issues with .Xauthority and su.(I am still trying to work out my own issues) When you are already logged in on an xterm window and then issue the su - command it references .profile and .Xauthority.
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

тАО03-12-2009 07:10 AM

тАО03-12-2009 07:10 AM

Re: shadow and sudo (passwd authentication)

Hi,

You could upgrade you sudo install to the latest version (1.6.9p17.001).

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123

Regards,
Robert-Jan
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.