[Freeipa-users] sudo with OTP
Sumit Bose
sbose at redhat.com
Mon Mar 14 14:49:54 UTC 2016
On Mon, Mar 14, 2016 at 07:28:01AM -0700, Brad Bendy wrote:
> HI,
>
> I have OTP setup and working just fine for logging into any servers,
> when attempting to run any command with sudo I get a "First factor:"
> prompt, I have entered my normal password but it fails. This only
> happens when OTP is on, with OTP off sudo works like you would think.
This is a know issue, please see
https://bugzilla.redhat.com/show_bug.cgi?id=1276868 for details. In case
you use CentOS/RHEL7 you can find a test build at
http://koji.fedoraproject.org/koji/taskinfo?taskID=13343842 .
bye,
Sumit
>
> The logs on the machine im trying to sudo show:
>
> Mar 14 08:23:13 ipatest audit: USER_AUTH pid=12495 uid=1818600003
> auid=1818600003 ses=8
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> msg='op=PAM:authentication grantors=? acct="myusername"
> exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed'
>
> Mar 14 08:23:13 ipatest audit: USER_CMD pid=12495 uid=1818600003
> auid=1818600003 ses=8
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> msg='cwd="/" cmd="su" terminal=pts/0 res=failed'
>
> Which it not being much help at all, on the IPA server itself im
> seeing nothing in the log when I run sudo, I do though when I login as
> my normal user.
>
> Google appears to have zero results on this, any clues what else I can
> check? Seems odd to me!
>
> Thanks
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list