After upgrading FreeBSD 12.2 in order to get the fix from 'FreeBSD Security 
Advisory FreeBSD-SA-21:12.libradius’ sudo with pam_radius has started to fail 
for us. It correctly seems to communicate with the RADIUS server (used to 
trigger MFA authentication, so I get an authentication popup in the Microsoft 
Authenticar App) after entering the unix password first, but then something 
fails:

% sudo su
Password:
sudo: PAM authentication error: Error in service module
sudo: a password is required


pam.d/sudo config file:

# auth
auth            requisite       pam_unix.so            no_warn try_first_pass
auth            requisite       pam_radius.so           use_first_pass

# account
account         include         system

# session
session         required        pam_permit.so

# password
password        include         system


Dunno if the problem is in sudo, libpam, libradius or pam_radius but the only 
thing changed is libradius. And if I replace libradius.so.4 with the previous 
version things work again...

(Considering the spagetti code that sudo is I wouldn’t be surprised if the bug 
is there but still…)


Am I the only one seeing this?

- Peter

Reply via email to