Bug 745

Summary: Receiving error: "sudo: policy plugin failed session initialization" on AIX LDAP enabled server
Product: Sudo
Reporter: takae harrington <tharrin>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.16   
Hardware: IBM   
OS: AIX   

Description takae harrington 2016-06-06 14:35:31 MDT
After the successful compile of sudo 1.8.16 on AIX 61 TL9 and AIX 71 TL4 - LDAP enabled server (non-ldap server did not have the same problem), sudo commands (except sudo -l and sudo -V) throw an error "sudo: policy plugin failed session initialization"

Is this due to the potential problem when a user or group of the same name exists in multiple auth registries (local and LDAP)?  I tried the fix under Bug 744 (Defaults !pam_session in sudoers) and sudo works fine, but is this the right workaround? Is there anything else I should do?

Please let me know - Thank you.
Comment 1 Todd C. Miller 2016-06-06 15:24:29 MDT
This means that the PAM session was not established for some reason.  Can you try the current sudo 1.8.17 beta?  It has a change that ignores generic PAM session errors.

https://www.sudo.ws/dist/beta/sudo-1.8.17b4.tar.gz
Comment 2 takae harrington 2016-06-06 16:03:51 MDT
I tried the 1.8.17 beta and sudo compiled/worked fine on ldap server (both aix61 & 71) w/o adding the entry in sudoers. I will wait for the stable version 1.8.17 to roll out -- thank you!
Comment 3 Todd C. Miller 2016-06-07 10:24:31 MDT
Thanks for testing, I'll close out this bug when 1.8.17 is released.
Comment 4 Todd C. Miller 2016-06-18 05:57:03 MDT
Fixed in sudo 1.8.17 which is now available.