Bugzilla – Bug 121
sudo 1.6.6 and 1.6.7 do not work with ShadowPassword on HP-UX 11i (11.11)
Last modified: 2004-01-09 05:30:45 MST
HP has added a new product called ShadowPassword for HP-UX 11i or higher. This provides for just a shadow password file (/etc/shadow). This shouldn't be confused with the Trusted Computing Base that HP has supplied for many years that includes a different type of shadowing. Sudo will not accept any password that I enter while the system is "converted" (using pwconv). If I unconvert the system with pwunconv, sudo works fine. I tried compiling 1.6.7 with the "#define HAVE_GETSPNAM 1" set with the same result.
I was able to get around this problem by undefining HAVE_ISCOMSEC and defining HAVE_GETSPNAM. The logic in the code of getspwuid.c assumes that there are 2 choices, Trusted or normal. Instead, if getspnam is available it should be used. On a properly patched HPUX 11.11 server, getspnam will work with shadow password, trusted, or no shadowing.
I changed the configure script to use getspnam() for HP-UX 11 and higher.