After upgrading FreeBSD 12.2 in order to get the fix from 'FreeBSD Security Advisory FreeBSD-SA-21:12.libradius’ sudo with pam_radius has started to fail for us. It correctly seems to communicate with the RADIUS server (used to trigger MFA authentication, so I get an authentication popup in the Microsoft Authenticar App) after entering the unix password first, but then something fails:
% sudo su Password: sudo: PAM authentication error: Error in service module sudo: a password is required pam.d/sudo config file: # auth auth requisite pam_unix.so no_warn try_first_pass auth requisite pam_radius.so use_first_pass # account account include system # session session required pam_permit.so # password password include system Dunno if the problem is in sudo, libpam, libradius or pam_radius but the only thing changed is libradius. And if I replace libradius.so.4 with the previous version things work again... (Considering the spagetti code that sudo is I wouldn’t be surprised if the bug is there but still…) Am I the only one seeing this? - Peter
