Bugzilla – Bug 819
Doesn't always respect the timeout setting
Last modified: 2018-01-08 16:03:16 MST
I've added the line in 'visudo' in order to extend the timeout to 4 hours: > Defaults env_reset,timestamp_timeout=240 It does normally work, however, sometimes it asks the password again very much sooner. I guess that it doesn't always honor timestamp_timeout=240. It does work most of the time, but sometimes it loses the time somehow and asks again. sudo-1.8.20p2_3 on FreeBSD 11.1
I will try to reproduce this. In the meantime, can you update your sudo to the latest FreeBSD package, which is 1.8.21p2?
Also, a line like the following in /usr/local/etc/sudo.conf (assuming the FreeBSD package) may help in debugging this. Debug sudoers.so /var/log/sudoers_debug auth@debug
(In reply to Todd C. Miller from comment #1) > I will try to reproduce this. In the meantime, can you update your > sudo to the latest FreeBSD package, which is 1.8.21p2? Already, thanks. (In reply to Todd C. Miller from comment #2) > Also, a line like the following in /usr/local/etc/sudo.conf > (assuming the FreeBSD package) may help in debugging this. > > Debug sudoers.so /var/log/sudoers_debug auth@debug Done, thanks!
Version 1.8.21p2_1 also has this problem. The log shows how at 01:27:24 I entered the password, yet at 01:49:58 it asks for password again. Attaching the log. I can't really read it myself.
Created attachment 504 [details] log
That log shows that a password is being required only for new time stamp records which should mean you are running the command either from a different tty or the authorization user is different (the rootpw, runaspw or targetpw options were used in one case but not another). Have you disabled tty_tickets in sudoers or set any of the rootpw, runaspw or targetpw options?
Looking through the debug log again I see that in each case a password was required because the tty was different.
Thanks, Todd for your help! I realized that I didn't know about tty_tickets. This feature works as intended.