Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1315766
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: SSSD pam module does not appear to support two factor authentication when using with sudo. PAM can show multiple password prompts, e.g. for 2-Factor authorization. But sudo seems to be limited to one password prompt. Version-Release number of selected component (if applicable): sssd-1.13.0-40.el7_2.1 How reproducible: Always. Steps to Reproduce: 1. Use SSSD with IPA as backend 2. use standard authconfig pam configuration for sssd 3. Enable OTP for a user in IPA 4. try sudo for this user. Actual results: * Listing the sudo rules or trying to become root fails. bash-4.2$ sudo -l First Factor: Sorry, try again. First Factor: Sorry, try again. First Factor: Sorry, try again. sudo: 3 incorrect password attempts Expected results: bash-4.2$ sudo -i We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. First Factor: Second Factor: sudouser is not allowed to run sudo on server1. This incident will be reported. bash-4.2$ sudo bash First Factor: Second Factor: [root@server1 /]# Additional info: Fedora bugzilla : https://bugzilla.redhat.com/show_bug.cgi?id=1276868 Test build is available at : https://brewweb.devel.redhat.com/taskinfo?taskID=10615469
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => sbose patch: 0 => 1 review: True => 0 rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1315766 1315766] => [https://bugzilla.redhat.com/show_bug.cgi?id=1315766 1315766] [https://bugzilla.redhat.com/show_bug.cgi?id=1276868 1276868] selected: => status: new => assigned testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.13.4
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.13.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4012
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.