[Freeipa-users] sudo with OTP

Brad Bendy brad.bendy at gmail.com
Mon Mar 14 15:54:52 UTC 2016


I see that now, thanks for the link. I'll give those patches a whirl.

On Mon, Mar 14, 2016 at 7:49 AM, Sumit Bose <sbose at redhat.com> wrote:
> On Mon, Mar 14, 2016 at 07:28:01AM -0700, Brad Bendy wrote:
>> Hi,
>>
>> I have OTP set up and working just fine for logging into any servers,
>> when attempting to run any command with sudo I get a "First factor:"
>> prompt, I have entered my normal password but it fails. This only
>> happens when OTP is on, with OTP off sudo works like you would think.
>
> This is a known issue, please see
> https://bugzilla.redhat.com/show_bug.cgi?id=1276868 for details. In case
> you use CentOS/RHEL7 you can find a test build at
> http://koji.fedoraproject.org/koji/taskinfo?taskID=13343842 .
>
> bye,
> Sumit
>>
>> The logs on the machine I'm trying to sudo show:
>>
>> Mar 14 08:23:13 ipatest audit: USER_AUTH pid=12495 uid=1818600003
>> auid=1818600003 ses=8
>> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> msg='op=PAM:authentication grantors=? acct="myusername"
>> exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed'
>>
>> Mar 14 08:23:13 ipatest audit: USER_CMD pid=12495 uid=1818600003
>> auid=1818600003 ses=8
>> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> msg='cwd="/" cmd="su" terminal=pts/0 res=failed'
>>
>> Which is not being much help at all, on the IPA server itself I'm
>> seeing nothing in the log when I run sudo, I do though when I log in as
>> my normal user.
>>
>> Google appears to have zero results on this, any clues what else I can
>> check? Seems odd to me!
>>
>> Thanks
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
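Added example, not part of the original thread and not FreeIPA or SSSD code: a small Python parser for audit records in the format quoted above, pairing each failed sudo USER_AUTH record with the USER_CMD record from the same pid and session so the failing account and command appear together. The first two sample lines are rejoined from the post, the third is a constructed sshd success record used as a control, and the function names are hypothetical.

```python
import re

# Syslog-style prefix as it appears in the quoted log: "<ts> <host> audit: <TYPE> <fields>"
HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) audit: (?P<type>[A-Z_]+) (?P<body>.*)$")
# A value is a single-quoted msg blob, a double-quoted string, or a bare token.
FIELD = re.compile(r"""(\w+)=('[^']*'|"[^"]*"|\S+)""")

# Lines 1-2: rejoined from the post. Line 3: constructed control record.
SAMPLE = """\
Mar 14 08:23:13 ipatest audit: USER_AUTH pid=12495 uid=1818600003 auid=1818600003 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="myusername" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed'
Mar 14 08:23:13 ipatest audit: USER_CMD pid=12495 uid=1818600003 auid=1818600003 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/" cmd="su" terminal=pts/0 res=failed'
Mar 14 08:22:40 ipatest audit: USER_AUTH pid=12301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_sss acct="myusername" exe="/usr/sbin/sshd" hostname=198.51.100.7 addr=198.51.100.7 terminal=ssh res=success'
""".splitlines()


def parse_fields(text):
    """Flatten key=value pairs; the msg='...' blob nests further pairs."""
    out = {}
    for key, val in FIELD.findall(text):
        if val.startswith("'"):
            out.update(parse_fields(val[1:-1]))
        else:
            out[key] = val.strip('"')
    return out


def failed_sudo_auths(lines):
    """Return failed sudo PAM authentications joined with their USER_CMD."""
    events = []
    for line in lines:
        m = HEADER.match(line)
        if m:  # skip anything that is not an audit record
            events.append({**parse_fields(m["body"]), "ts": m["ts"],
                           "host": m["host"], "type": m["type"]})
    # sudo emits USER_AUTH and USER_CMD from the same process and session.
    cmds = {(e.get("pid"), e.get("ses")): e.get("cmd")
            for e in events if e["type"] == "USER_CMD"}
    return [{"ts": e["ts"], "host": e["host"], "acct": e.get("acct"),
             "terminal": e.get("terminal"),
             "cmd": cmds.get((e.get("pid"), e.get("ses")))}
            for e in events
            if e["type"] == "USER_AUTH" and e.get("exe") == "/usr/bin/sudo"
            and e.get("res") == "failed"]


if __name__ == "__main__":
    for hit in failed_sudo_auths(SAMPLE):
        print(hit)
```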
