Bug 388

Summary: sudo does not ask for fingerprint with pam_fprint
Product: Sudo Reporter: Eric Siegel <nticompass>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal CC: nticompass
Priority: low    
Version: 1.7.2   
Hardware: PC   
OS: Linux   
URL: http://bugs.archlinux.org/task/17519
Attachments: Patch to back out pam changes in sudo 1.7.2p2

Description Eric Siegel 2010-01-24 20:44:00 MST 
I am running Arch Linux.  I have "auth sufficient pam_fprint.so" at the top of my /etc/pam.d/sudo file. It is supposed to ask me to swipe my finger when I run sudo, and ask for a password if the swipe failed. This works fine in sudo 1.7.2p1-1, but in sudo 1.7.2p2-1 it just asks for a password, it does not ask me to swipe my finger.

Additional info:
* package version(s)
core/sudo 1.7.2p2-1
extra/libfprint 0.0.6-3
extra/pam_fprint 0.2-1
extra/fprint_demo 0.4-2

* config and/or log files etc.
/etc/pam.d/sudo
#%PAM-1.0
auth sufficient pam_fprint.so
auth required pam_unix.so
auth required pam_nologin.so

Steps to reproduce:
1. Install libfprint
2. Install sudo
3. Add "auth sufficient pam_fprint.so" to /etc/pam.d/sudo
4. Run sudo -s
Comment 1 Eric Siegel 2010-03-11 11:37:04 MST 
This problem still exists with sudo 1.7.2p5.  Only sudo 1.7.2p1 works with pam_fprint, none of the newer versions do.
Comment 2 Todd C. Miller 2010-06-18 16:29:01 MDT 
Created attachment 277 [details]
Patch to back out pam changes in sudo 1.7.2p2

The attached patch backs out the pam changes introduced in sudo 1.7.2p2.  Can you see if that fixes the problem?
Comment 3 Eric Siegel 2010-06-18 17:18:25 MDT 
Unless I did something wrong, this didn't seem to work.
Comment 4 Eric Siegel 2010-06-21 20:02:51 MDT 
(In reply to comment #3)
> Unless I did something wrong, this didn't seem to work.

I did do something wrong.  I forgot to add "auth sufficient pam_fprint.so" to /etc/pam.d/sudo.

It works great with the patch.  Thanks,
Comment 5 Eric Siegel 2010-06-22 09:03:38 MDT 
I patched sudo 1.7.2p7, and it worked great.