[Freeipa-users] sudo with OTP

Brad Bendy brad.bendy at gmail.com
Tue Mar 22 17:06:56 UTC 2016 

Im having some issues applying these patches with dependencies. But on
a side note, this needs to be applied to the client machines as well
the IPA server itself, correct?


Thanks

On Mon, Mar 14, 2016 at 8:54 AM, Brad Bendy <brad.bendy at gmail.com> wrote:
> I see that now, thanks for the link. Ill give those patches a whirl.
>
> On Mon, Mar 14, 2016 at 7:49 AM, Sumit Bose <sbose at redhat.com> wrote:
>> On Mon, Mar 14, 2016 at 07:28:01AM -0700, Brad Bendy wrote:
>>> HI,
>>>
>>> I have OTP setup and working just fine for logging into any servers,
>>> when attempting to run any command with sudo I get a "First factor:"
>>> prompt, I have entered my normal password but it fails. This only
>>> happens when OTP is on, with OTP off sudo works like you would think.
>>
>> This is a know issue, please see
>> https://bugzilla.redhat.com/show_bug.cgi?id=1276868 for details. In case
>> you use CentOS/RHEL7 you can find a test build at
>> http://koji.fedoraproject.org/koji/taskinfo?taskID=13343842 .
>>
>> bye,
>> Sumit
>>>
>>> The logs on the machine im trying to sudo show:
>>>
>>> Mar 14 08:23:13 ipatest audit: USER_AUTH pid=12495 uid=1818600003
>>> auid=1818600003 ses=8
>>> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>> msg='op=PAM:authentication grantors=? acct="myusername"
>>> exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed'
>>>
>>> Mar 14 08:23:13 ipatest audit: USER_CMD pid=12495 uid=1818600003
>>> auid=1818600003 ses=8
>>> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>> msg='cwd="/" cmd="su" terminal=pts/0 res=failed'
>>>
>>> Which it not being much help at all, on the IPA server itself im
>>> seeing nothing in the log when I run sudo, I do though when I login as
>>> my normal user.
>>>
>>> Google appears to have zero results on this, any clues what else I can
>>> check? Seems odd to me!
>>>
>>> Thanks
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list