AADLoginForLinux : sudo: PAM authentication error: Conversation error

Azure / azure-linux-extensions

Linux Virtual Machine Extensions for Azure

Apache License 2.0

304 stars 253 forks source link

AADLoginForLinux : sudo: PAM authentication error: Conversation error #791

Open johanburati opened 5 years ago

johanburati commented 5 years ago

Issue

Getting the following error when trying to sudo with the AD account:

$ sudo -i
sudo: PAM authentication error: Conversation error

Tried this on Centos 7.3/Ubuntu 18.04

Workaround

Changing the line in /etc/sudoers.d/aad_admins from:

%aad_admins ALL=(ALL) ALL

%aad_admins ALL=(ALL) NOPASSWD: ALL

fixed the issue.

Request to developers

Correct extension package either by updating the aad_admins file as per the workaround or add appropriate PAM rules.

ndunn990 commented 5 years ago

We've encountered the same issue. Can confirm that the workaround @johanburati mentioned works for us, as well. However, we'd rather prompt our admins for their passwords when attempting anything in sudo.

carlosporter commented 5 years ago

Actually, is it really necessary to disable password authentication on the sudoers configuration?, is it possible to have sudo work with the password authentication enabled ?

jakaruna-MSFT commented 5 years ago

@carlosporter @johanburati "sudo: PAM authentication error: Conversation error" error is resolved now in the extension.

@johanburati @ndunn990 Default behavior is to ask for login again when the user uses sudo . When the user dont want to be prompted for login again with AAD when using sudo, The user can use that configuration.