Ubuntu
pam package

sudo: pam_unix(sudo:auth): conversation failed

Bug #1766325 reported by Jonas
26
This bug affects 5 people
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
Confirmed
Undecided
Unassigned
sudo (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Hello.

I experience a bug after upgrading from Ubuntu 17.10 to 18.04.

The bug seems to be a regression because what I am trying to do was working with Ubuntu 17.10 and stopped working after the upgrade.

Here is the problem:

I have 2 users on my system. One is the user that is created during installation, named zzz. The other user I added later, named abc. Both users have passwords set. According to passwd the password for user abc is a locked password (L) (whatever that means).

Now I am logged into user zzz and want to execute a program as user abc without entering the password of user abc.

Until Ubuntu 17.10 this was done like this: "sudo -i -u abc /usr/bin/java -version".
To get that working I had to add this via visudo: "zzz ALL=(abc) NOPASSWD: /usr/bin/java"

Now this seems to be ignored. Instead the terminal is asking for the password of user abc. I see this in /var/log/auth.log: "sudo: pam_unix(sudo:auth): conversation failed".

Tags: pam sudo
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sudo (Ubuntu):
status: New → Confirmed
Revision history for this message
Johon Doee (jodoee11) wrote :

This happens with the final release 18.04 as well.

Is there a temporary solution or some progress in fixing that regression?

Revision history for this message
Johon Doee (jodoee11) wrote :

Hello. Is there somebody looking into this problem? No comment from ubuntu-devs so far and I wonder if this report is even noticed.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pam (Ubuntu):
status: New → Confirmed
Revision history for this message
Austin Hogan (a93h) wrote :

I have the same issue.
Both after adding a new user or doing a password change to a current user I have the same problem.

I cannot do a clean install because my server service provider had an older distribution for installation only, not 18.04

Luckily I have multiple user accounts with sudo access from 17.10, however this is a really annoying bug and a security problem for myself personally, as I am afraid that if I change my passwords something bad might happen.

Does Ubuntu do bounty for bugs? I would definitely pay/contribute to have this fixed?

I will continue looking for now.

I have changed my password multiple times and made it as short as possible to make sure the character input was correct.

I am willing to ugrade again if that will fix things.

Does this have something to do with my /etc/shadow and possibly the hash salt changing?

Error log:

Sep 7 15:37:31 localhost sudo: pam_unix(sudo:auth): authentication failure; logname=user1 uid=1003 euid=0 tty=/dev/pts/1 ruser=user1 rhost= user=user1
Sep 7 15:40:41 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [user1]
Sep 7 15:40:41 localhost sudo: user1 : 1 incorrect password attempt ; TTY=pts/1 ; PWD=/home/user1 ; USER=root ; COMMAND=/usr/bin/test

sudoers:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

Revision history for this message
Austin Hogan (a93h) wrote :

Currently without any changes to my setup...

Only one user after upgrade can be granted sudo privileges in my ubuntu installation.

Therefore adding sudo privileges only works once after upgrading my machine.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.