Bug 150 – sudo does not reset bad login count when successfully authenticated

Bug 150 - sudo does not reset bad login count when successfully authenticated


Summary:	sudo does not reset bad login count when successfully authenticated

Status:	RESOLVED WONTFIX

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.8
Hardware:	HP HP-UX

Importance:	normal normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2004-09-20 14:37 MDT by Larry
Modified:	2012-03-15 15:27 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Larry 2004-09-20 14:37:42 MDT

HP-UX 11.11

TCB enabled.

When attempting to use the sudo command to execute a command, and user
intentionally mis-types the password, can see the invalid login count increment
via the getprpw -m culogin {user login} command.

Once the user types the correct password in, and sudo executes the command
passed to it, checking the getprpw -m culogin {user login} still shows the bad
login count that had been reached when mis-typing the password.

One has to open an SSH or telnet session to the box to reset the count.

Comment 1 Todd C. Miller 2004-10-07 14:33:32 MDT

Are you using PAM or sudo's natice TCB support?

Comment 2 Larry 2004-10-08 11:52:17 MDT

Report bugs to <bug-autoconf@gnu.org>."
ac_cs_version="\
sudo config.status 1.6.8
configured by ./configure, generated by GNU Autoconf 2.57,
  with options \"\"--with-pam\" \"--with-logging=syslog\" \"--with-ignore-dot\"
\"--with-timeout=1\" \"--with-password-timeout=1\" \"--with-tty-tickets\"
\"--disable-root-sudo\" 'CC=gcc'\"

Comment 3 Todd C. Miller 2012-03-15 15:27:35 MDT

Sudo 1.6.x is no longer supported and sudo now uses PAM by default on HP-UX 11.11 which should not have this problem.