From: Todd C. Miller Date: Fri, 28 Sep 2012 13:05:31 +0000 (-0400) Subject: Mention HP-UX pam.conf settings. X-Git-Tag: SUDO_1_8_7~1^2~378 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=acb9c62987decbeb5f5d9a16742c7fcc0c6f42e3;p=sudo Mention HP-UX pam.conf settings. --- diff --git a/doc/TROUBLESHOOTING b/doc/TROUBLESHOOTING index ecd9854f7..c3a9b1391 100644 --- a/doc/TROUBLESHOOTING +++ b/doc/TROUBLESHOOTING @@ -67,7 +67,7 @@ A) Make sure you have an entry in your syslog.conf file to save its conf file. Also, remember that syslogd does *not* create log files, you need to create the file before syslogd will log to it (ie: touch /var/log/sudo). - Note: the facility (e.g. "auth.debug") must be separated from the + Note: the facility (e.g. "auth.debug") must be separated from the destination (e.g. "/var/log/auth" or "@loghost") by tabs, *not* spaces. This is a common error. @@ -240,6 +240,18 @@ A) On systems that use a Mozilla-derived LDAP SDK there must be a Enter new password: Re-enter password: +Q) On HP-UX, when I run command via sudo it displays information + about the last successful login and last authentication failure + for every command. How can I fix this? +A) This output comes from /usr/lib/security/libpam_hpsec.so.1. + To suppress it, add a line like the following to /etc/pam.conf: + sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login + +Q) On HP-UX, the umask setting in sudoers has no effect. +A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module + enabled, you may need to a add line like the following to pam.conf: + sudo session required libpam_hpsec.so.1 bypass_umask + Q) When I run sudo on AIX I get the following error: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted. A) AIX's Enhanced RBAC is preventing sudo from running. To fix