Ubuntu
sudo package

nothing needing authentication works

Asked by Rob Clive

I updated my 10.04 LTS system at the beginning of the month and now nothing that requires authentication will work:

Synaptic asks for the password to unlock the keyring but then closes without any message. If I run it using gksudo it simply returns to the prompt.
Sudo does the same: asks for my password and then returns to the prompt with no message or error. It's obviously the right password because if I try anything else I get the expected message.
Update manager tells me there are updates but after asking for the password it goes back to checking for updates and tells me those same updates are available.

After reading various things which seemed related I checked sudoers was right and that I was still in the relevant group. I also checked shadow and gshadow but nothing's changed for a long time. All this was done in a root shell in recovery mode because of the above. Most worryingly however is when I tried to change my password using passwd in the root shell in recovery mode. This returned immediately to the prompt with a return code of 1 which man says means access denied. How can this be in a root shell?

The only thing in the last update which seems relevant is pam: pam.d/common-auth has a modified timestamp from the update but there's nothing in it different from what I'd seen on the web. It would seem that pam-unix no longer authenticates correctly or authenticates but doesn't tell anyone.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu sudo Edit question
Assignee:
No assignee Edit question
Solved by:
Rob Clive
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

Can you give the output of:

echo "groups="; groups; echo; lsb_release -a

Thanks

Revision history for this message
Rob Clive (rob-r2g2) said : 		#2

Sorry for the delay, my earlier reply didn't seem to get through.

This is the output:

groups=
rob adm cdrom floppy audio video plugdev fuse lpadmin netdev admin sambashare vboxusers mythtv

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.2 LTS
Release: 10.04
Codename: lucid

I can confirm that, like the sudo setup as distributed, members of the admin group are allowed to execute any command and that I am a member of that group.

Revision history for this message
Rob Clive (rob-r2g2) said : 		#3

It seems that the problem resides in the pam_smbpass module which was updated at the last update.

The end of my pam.d/common-auth looks like this:

# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_smbpass.so migrate
# end of pam-auth-update config

If I change the pam_unix line to 'auth sufficient pam_unix.so nullok_secure' then everything works again. It would seem the pam_smbpass module returns a fail. Does anyone have any views on this? There has never been anything in any log file relating to all the failures.

Revision history for this message
Jo Blick (jopublick) said : 		#4

I'm not sure how much help this is, I only understand about 70°/° of what youre describing. I've been using ubuntu 11.10 for a few days. I installed it to a new netbook using the USB stick I created and chose to only have 1 OS on one partition overwriting windows. I chose a password on startup and later chose 2 others, for signing in to ubuntu one and launchpad . I recorded them all. I then found thunderbird would not recognise my ISP after I had created a "special account" by mistake, I think, so I tried to unistall thunderbird using software centre and the authentication password was not recognised. I tried every possible variation of my password,plus the other 2 I had created.
After 2 days of research I discovered thet my password still worked for entry into the recovery mode
 managed to re-input the authentication password inside the OS by using recovery mode (or rescue mode) from pressing shift at the black start screen and typing passwd <username> pressing enter and retyping and confirming my origional password.
this fixed the password issue and enabled me to uninstall program, but has not fixed the thubderbird issue.

I,m going to find a place on forums or bugs to ask if theres a bug with passwords and thunderbird. I also am concerned about keyring passwords. I cant find out if they are connected to the problem or not. I hope I,m right in assuming keyring passwords are like the 2 that I created for signing into online accounts and not for authorising changes on my PC.