pam_kwallet broke sudo

#1

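I didn't want to type my password a second time after booting, so I installed pam_kwallet.
Previously on Leap 15 installing it broke kdesu, and now on 15.1 installing it broke sudo. What is going on?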

tommyvct@RYZEN-TOMMYVCT-opensuse ~> sudo zypper
[sudo] password for root: 
Sorry, try again.
[sudo] password for root: 
Sorry, try again.
[sudo] password for root: 
sudo: unable to send audit message: Operation not permitted
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: 3 incorrect password attempts
tommyvct@RYZEN-TOMMYVCT-opensuse ~> sudo -i
[sudo] password for root: 
Sorry, try again.
[sudo] password for root: 
Sorry, try again.
[sudo] password for root: 
sudo: unable to send audit message: Operation not permitted
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: 3 incorrect password attempts
tommyvct@RYZEN-TOMMYVCT-opensuse ~> su
Password: 
RYZEN-TOMMYVCT-opensuse:/home/tommyvct # sudo zypper 
### zypper runs normally ###
RYZEN-TOMMYVCT-opensuse:/home/tommyvct # exit
tommyvct@RYZEN-TOMMYVCT-opensuse ~>
#2

Uninstall it. I tried it once and haven't dared to use it since.

#3

Could you post your /etc/pam.d/sudo, /etc/pam.d/su and /etc/pam.d/common-auth files? Everything works fine here on Tumbleweed.

#4
tommyvct@RYZEN-TOMMYVCT-opensuse ~> cat /etc/pam.d/sudo
#%PAM-1.0
auth     include        common-auth
account  include        common-account
password include        common-password
session  optional       pam_keyinit.so revoke
session  include        common-session
# session  optional       pam_xauth.so
tommyvct@RYZEN-TOMMYVCT-opensuse ~> cat /etc/pam.d/su
#%PAM-1.0
auth     sufficient     pam_rootok.so
auth     include        common-auth
account  sufficient     pam_rootok.so
account  include        common-account
password include        common-password
session  include        common-session
session  optional       pam_xauth.so
tommyvct@RYZEN-TOMMYVCT-opensuse ~> cat /etc/pam.d/common-auth
#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Authentication-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth    required        pam_env.so
auth    optional        pam_gnome_keyring.so
auth    optional        pam_kwallet5.so
auth    required        pam_unix.so     try_first_pass
#5

Which DE are you using? GNOME or KDE?

#7

KDE
sudo used to ask for my own user's password, but this time it asks for the root password directly, and whatever I enter is rejected.

#8

That's strange: why is gnome-keyring in common-auth when you use KDE? I suggest commenting out gnome-keyring and testing again.

#9

I used GNOME before.

#10

Commenting it out didn't help either.
The files look fine.

#11

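What about common-password? It should have the same line.
sudo authentication goes through common-auth, common-account and common-password. You have an authentication problem, so one of these must be failing. The first has already been ruled out, so take a look at the other two.
This is my common-account: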
account required pam_unix.so try_first_pass

This is my common-password:

password        requisite       pam_cracklib.so
password        optional        pam_kwallet5.so
password        required        pam_unix.so     use_authtok nullok shadow try_first_pass 
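
Added example (not code from the thread or from the PAM project): a sketch that expands the `include` lines of the posted /etc/pam.d/sudo to show which modules actually run for each management group, following the check described in the post above. The file contents are abridged copies of what was posted in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: abridged copies of the files posted in this thread.
# common-session was never posted, so it is deliberately absent.
FILES = {
    "sudo": """auth     include        common-auth
account  include        common-account
password include        common-password
session  optional       pam_keyinit.so revoke
session  include        common-session""",
    "common-auth": """auth    required        pam_env.so
auth    optional        pam_gnome_keyring.so
auth    optional        pam_kwallet5.so
auth    required        pam_unix.so     try_first_pass""",
    "common-account": "account required        pam_unix.so     try_first_pass",
    "common-password": """password        requisite       pam_cracklib.so
password        optional        pam_gnome_keyring.so    use_authtok
password        optional        pam_kwallet5.so
password        required        pam_unix.so     use_authtok nullok shadow try_first_pass""",
}

# type, control (plain word or bracketed [value=action ...]), module/file, args
RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def effective_stack(service, mgmt_type, files=FILES, seen=()):
    """Expand include/substack lines; return (file, control, module, args) rows."""
    if service in seen:
        raise ValueError(f"include loop through {service}")
    if service not in files:
        return [(service, "unresolved", None, [])]  # file not available to inspect
    rows = []
    for raw in files[service].splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != mgmt_type:
            continue  # comment, blank line, or another management group
        _, control, target, args = m.groups()
        if control in ("include", "substack"):
            rows += effective_stack(target, mgmt_type, files, seen + (service,))
        else:
            rows.append((service, control, target, args.split()))
    return rows

def deciding_modules(service, mgmt_type, files=FILES):
    """Modules whose failure fails the stack (required/requisite)."""
    return [mod for _, ctl, mod, _ in effective_stack(service, mgmt_type, files)
            if ctl in ("required", "requisite")]

if __name__ == "__main__":
    for row in effective_stack("sudo", "auth"):
        print(*row[:3])
```

For the posted files, the `auth` group of sudo resolves to four modules from common-auth, of which only pam_env.so and pam_unix.so are `required`; pam_gnome_keyring.so and pam_kwallet5.so are `optional`.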
#12

I suspect my common-account may be the problem.

#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Account-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the account modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired.
#
account required        pam_unix.so     try_first_pass 

common-password looks like this; it doesn't seem to have any problem either.

#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define  the services to be
# used to change user passwords.
#
password        requisite       pam_cracklib.so
password        optional        pam_gnome_keyring.so    use_authtok
password        optional        pam_kwallet5.so
password        required        pam_unix.so     use_authtok nullok shadow try_first_pass 

We may need to turn to the all-powerful Mary Sue for help, @marguerite

#13

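This is an already-reported bug, possibly caused by the libgcrypt upgrade. Everything worked before I upgraded to 20190607, and rolling back restored normal behavior.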