isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand section about expired accounts to include /etc/shadow info.

Browse Source 
GitHub issue #143
This commit is contained in:
Todd C. Miller
2022-04-20 15:47:42 -06:00
parent 930271847a
commit c51b81fa53
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/TROUBLESHOOTING.md
View File

@@ -75,9 +75,15 @@ It just says "Sorry, try again." three times and exits.
Account expired or PAM config lacks an 'account' section for sudo, Account expired or PAM config lacks an 'account' section for sudo,
contact your system administrator` contact your system administrator`
> when the account has not expired, your PAM config probably lacks > double-check the `/etc/shadow` file to verify that the target user
> an 'account' specification. On Linux this usually means you are > (for example, root) does not have the password expiration field set.
> missing a line in /etc/pam.d/sudo similar to: > A common way to disable access to an account is to set the expiration
> date to 1, such as via `usermod -e 1`. If the account is marked as
> expired, sudo will not allow you to access it.
>
> If, however, the account has not expired, it is possible that the PAM
> configuration lacks an 'account' specification. On Linux this usually
> means you are missing a line in /etc/pam.d/sudo similar to:
account required pam_unix.so account required pam_unix.so