Bugzilla – Bug 744
Receiving error: "sudo: policy plugin failed session initialization"
Last modified: 2016-06-18 05:59:37 MDT
Using CSWSudo package version 1.8.16,REV=2016.03.18 on a Solaris 9 branded zone. After configuring the sudoers file and verifying syntax with visudo, I receive the following message when executing sudo as root or any user account on the system. sudo: policy plugin failed session initialization Xref OpenCSW bug: https://www.opencsw.org/mantis/view.php?id=5277
It looks like this is due to pam_open_session() failing. The message from PAM is "Can not make/remove entry for session". As a workaround you can add the following line to your sudoers file: Defaults !pam_session
The problem does not occur with the Solaris 9 package from sudo.ws. I'm not sure why pam_open_session() would fail with the CSW package and not with the package I produce.
The workaround worked. I attempted this earlier but I put the exclusion in incorrectly. I was not aware of a sudo package from sudo.ws. I may switch to it going forward and use the CSW packages for other items I need.
I just verified that a sudo package built natively on Solaris 9 works too (the ones I build are usually cross-compiled on Solaris 11). I'm not sure what is different about the CSW package.
Fixed in sudo 1.8.17 which is now available. Sudo no longer treats PAM_SESSION_ERR as a fatal error when opening the PAM session. Other errors from pam_open_session() are still treated as fatal. This avoids the "policy plugin failed session initialization" error message seen on some systems.