Bug 744

Summary: Receiving error: "sudo: policy plugin failed session initialization"
Product: Sudo Reporter: troy.hudson
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high    
Priority: low    
Version: 1.8.16   
Hardware: Sun   
OS: Solaris 2.x   

Description troy.hudson 2016-05-11 13:18:41 MDT 
Using CSWSudo package version 1.8.16,REV=2016.03.18 on a Solaris 9 branded zone. After configuring the sudoers file and verifying syntax with visudo, I receive the following message when executing sudo as root or any user account on the system.
    
sudo: policy plugin failed session initialization


Xref OpenCSW bug: https://www.opencsw.org/mantis/view.php?id=5277
Comment 1 Todd C. Miller 2016-05-11 14:37:58 MDT 
It looks like this is due to pam_open_session() failing.  The message from PAM is "Can not make/remove entry for session".

As a workaround you can add the following line to your sudoers file:

Defaults !pam_session
Comment 2 Todd C. Miller 2016-05-11 15:00:59 MDT 
The problem does not occur with the Solaris 9 package from sudo.ws.  I'm not sure why pam_open_session() would fail with the CSW package and not with the package I produce.
Comment 3 troy.hudson 2016-05-11 15:14:33 MDT 
The workaround worked. I attempted this earlier but I put the exclusion in incorrectly. I was not aware of a sudo package from sudo.ws. I may switch to it going forward and use the CSW packages for other items I need.
Comment 4 Todd C. Miller 2016-05-11 15:17:29 MDT 
I just verified that a sudo package built natively on Solaris 9 works too (the ones I build are usually cross-compiled on Solaris 11).  I'm not sure what is different about the CSW package.
Comment 5 Todd C. Miller 2016-06-18 05:59:37 MDT 
Fixed in sudo 1.8.17 which is now available.

Sudo no longer treats PAM_SESSION_ERR as a fatal error when opening the PAM session.  Other errors from pam_open_session() are still treated as fatal.  This avoids the "policy plugin failed session initialization" error message seen on some systems.