Mention HP-UX pam.conf settings.

diff --git a/doc/TROUBLESHOOTING b/doc/TROUBLESHOOTING
index ecd9854f7556c6f79542dea8cde48aeb2555a71b..c3a9b139122db4ba0352f6743beebd741762d25b 100644 (file)
--- a/doc/TROUBLESHOOTING
+++ b/doc/TROUBLESHOOTING
@@ -67,7 +67,7 @@ A) Make sure you have an entry in your syslog.conf file to save
    its conf file.  Also, remember that syslogd does *not* create
    log files, you need to create the file before syslogd will log
    to it (ie: touch /var/log/sudo).
-   Note:  the facility (e.g. "auth.debug") must be separated from the 
+   Note:  the facility (e.g. "auth.debug") must be separated from the
          destination (e.g. "/var/log/auth" or "@loghost") by
          tabs, *not* spaces.  This is a common error.
 
@@ -240,6 +240,18 @@ A) On systems that use a Mozilla-derived LDAP SDK there must be a
     Enter new password: <return>
     Re-enter password: <return>
 
+Q) On HP-UX, when I run command via sudo it displays information
+   about the last successful login and last authentication failure
+   for every command.  How can I fix this?
+A) This output comes from /usr/lib/security/libpam_hpsec.so.1.
+   To suppress it, add a line like the following to /etc/pam.conf:
+   sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login
+
+Q) On HP-UX, the umask setting in sudoers has no effect.
+A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module
+   enabled, you may need to a add line like the following to pam.conf:
+   sudo session required libpam_hpsec.so.1 bypass_umask
+
 Q) When I run sudo on AIX I get the following error:
     setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted.
 A) AIX's Enhanced RBAC is preventing sudo from running.  To fix