Disable PAM in sudo

[galindro]

Hi all.

I need to disable PAM authentication in sudo. I recompile the ports of sudo with this options in Makefile:

Code:

CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ --disable-log-wrap \ --with-ignore-dot \ --with-tty-tickets \ --with-env-editor \ --with-logincap \ --with-long-otp-prompt \ --disable-pam-session

But it not works.

In the /var/log/messages is displayed these messages:

Code:

Apr 16 07:47:03 pcbsd sudo: www : pam_authenticate: conversation failure ; TTY=unknown ; PWD=/usr/local/www/data/admin ; USER=root ; COMMAND=/usr/local/www/apache22/data/admin/progs/ifaces.exe

I edited my /usr/local/etc/sudoers file and added this line:

Code:

www ALL=(ALL) NOPASSWD: /usr/local/bin/wget, /sbin/pfctl, /usr/local/www/data/admin/progs/deletar_linha.exe

Somebody can help me?

[TerryP]

Why do you need to kill PAM?

[galindro]

Because I am not getting success in executing the program ifaces.exe through sudo and I do not want to use PAM.

[TerryP]

It is some what odd to be running Windows programs on a BSD Box using Super User DO.


As far as I know, executing win apps from the shell require sending them through wine rather then calling them like a normal app but dont' quote me.

[galindro]

ifaces.exe is not windows program. I developed it in C and compiled with gcc.

I need the user www execute ifaces.exe with superuser privileges. For this, I need sudo. BUT, the sudo installed on my PCBSD is compiled with PAM and I not use PAM for authentication of my users.

Then, how can I recompile sudo for not using PAM?

Understand now?

[TerryP]

Under normal situations you would likely use --without-pam as an argument to the configure script.

Generally you can find what options are available to a configure script (assuming GNU toolchain) with the --help switch. In my expirence syntax is generally --with-foo | --without-foo, --enable-bar | --disable-bar and setting variables same as but with an equals sign: --with-eggsdir=/eggs/dir | --enable-gui=gtk , etc although some things can vary from app to app.

Originally Posted by galindro

ifaces.exe is not windows program. I developed it in C and compiled with gcc.

Pardon the assumption, it's rare I've seen or heard of people using the .exe file extension when compiling [natively] on Unix based systems ;-)

[galindro]

Quote:

Pardon the assumption, it's rare I've seen or heard of people using the .exe file extension when compiling [natively] on Unix based systems

I like to use .exe extension on my programs.

Quote:

Generally you can find what options are available to a configure script (assuming GNU toolchain) with the --help switch. In my expirence syntax is generally --with-foo | --without-foo, --enable-bar | --disable-bar and setting variables same as but with an equals sign: --with-eggsdir=/eggs/dir | --enable-gui=gtk , etc although some things can vary from app to app.

I'll see if sudo have a --without-pam configure argument...

Thank's for the help man!

[galindro]

The flag --without-pam does not take any effects on sudo.

The error message continues displaying.

Can anyone help me?

:cry:

[DragnLord]

What does /etc/pam.d/sudo look like?

[galindro]

I do not have a /etc/pam.d/sudo file

:?


What content should have this file?