{"id":17,"date":"2009-02-12T16:49:34","date_gmt":"2009-02-12T16:49:34","guid":{"rendered":"http:\/\/brucetimberlake.com\/blog\/?p=17"},"modified":"2009-02-12T18:12:06","modified_gmt":"2009-02-12T18:12:06","slug":"sudo-and-local-passwords-vs-ssh","status":"publish","type":"post","link":"https:\/\/brucetimberlake.com\/blog\/2009\/02\/12\/sudo-and-local-passwords-vs-ssh\/","title":{"rendered":"sudo and local passwords vs SSH"},"content":{"rendered":"

Just tracked down a problem with sudo at work. The error message<\/p>\n

sudo: pam_authenticate: Module is unknown<\/code><\/p>\n

would show up when doing “sudo su -”<\/p>\n

An initial strace shows that libkeyutils was being looked for:<\/p>\n

\r\nopen(\"\/lib64\/tls\/x86_64\/libkeyutils.so.1\", O_RDONLY) = -1 ENOENT (No such file or directory)\r\nstat(\"\/lib64\/tls\/x86_64\", 0x7fffe8902810) = -1 ENOENT (No such file or directory)\r\nopen(\"\/lib64\/tls\/libkeyutils.so.1\", O_RDONLY) = -1 ENOENT (No such file or directory)\r\nstat(\"\/lib64\/tls\", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0\r\nopen(\"\/lib64\/x86_64\/libkeyutils.so.1\", O_RDONLY) = -1 ENOENT (No such file or directory)\r\nstat(\"\/lib64\/x86_64\", 0x7fffe8902810)   = -1 ENOENT (No such file or directory)\r\n<\/pre>\n
but was not installed on the server. A “correct” server shows:<\/p>\n
\r\n[root@host ~]# rpm -qa | grep keyutils|sort\r\nkeyutils-libs-1.2-1.el5\r\nkeyutils-libs-1.2-1.el5\r\nkeyutils-libs-devel-1.2-1.el5\r\nkeyutils-libs-devel-1.2-1.el5\r\n<\/pre>\n
Without keyutils installed, the SSH keys we had set up weren’t able to be processed. PAM then fell back to local passwords, which was not set for the particular user in question.<\/p>\n
Anyway, just hoping this helps someone else in the future.<\/p>\n","protected":false},"excerpt":{"rendered":"
Just tracked down a problem with sudo at work. The error message sudo: pam_authenticate: Module is unknown would show up when doing “sudo su -” An initial strace shows that libkeyutils was being looked for: open(“\/lib64\/tls\/x86_64\/libkeyutils.so.1”, O_RDONLY) = -1 ENOENT (No such file or directory) stat(“\/lib64\/tls\/x86_64”, 0x7fffe8902810) = -1 ENOENT (No such file or directory) … Continue reading “sudo and local passwords vs SSH”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[7,34],"class_list":["post-17","post","type-post","status-publish","format-standard","hentry","category-sysadmin","tag-security","tag-sysadmin"],"_links":{"self":[{"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/posts\/17","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/comments?post=17"}],"version-history":[{"count":3,"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/posts\/17\/revisions"}],"predecessor-version":[{"id":20,"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/posts\/17\/revisions\/20"}],"wp:attachment":[{"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/media?parent=17"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/categories?post=17"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brucetimberlake.com\/blog\/wp-json\/wp\/v2\/tags?post=17"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}