sudo: auth could not identify password for [user]

Discussions Regarding Software

Moderator: Moderators

Post Reply
User avatar
linuxfluesterer
Old Dear Hen
Posts: 867
Joined: Thu Sep 20, 2012 19:47
Location: Germany

sudo: auth could not identify password for [user]

Post by linuxfluesterer » Fri Feb 01, 2013 23:14

Hallo guys.
Since some days (actually from /var/log messages it started on 29/01/ after an upgrade with Rigo), I see, that there is some process writing permanently on my ssd. So, when I start to watch /var/log/messages as root with command:

Code: Select all

tail -f /var/log/messages
then I see the following:

Code: Select all

Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
.
.
.
These messages are repeated about 3 times per second and written into my /var/log/messages file. In between there are thousand of the same messages.
But these messages appear only, when I am logged in into my GUI (KDE 4.9.5). When I leave the GUI session, these messages stop.

So, what can I do to find out is the origin for auth failure? (Which process works in my name as 'sudo')?
And how can I stop it?

As all I remember, I haven't installed a new program or plasmoid...
The only script I launch with a 'sudo', is an rsync script for my backups.

I'd really appreciate your help. Thank you in advance.

-Linuxfluesterer (I love KDE ...)

Core i5, 8GB Ram, 240 GB ssd, NVidia GT630M, with Kernel 3.7.4 and KDE 4.9.5.
Take away Facebook from me and let there be real people again...

User avatar
linuxfluesterer
Old Dear Hen
Posts: 867
Joined: Thu Sep 20, 2012 19:47
Location: Germany

Re: sudo: auth could not identify password for [user]

Post by linuxfluesterer » Sat Feb 02, 2013 14:31

Update: When adding the following line to /etc/sudoers as root with 'visudo'

Code: Select all

linuxfluesterer  ALL=NOPASSWD: ALL
then sudo doesn't ask me for any password (I know, dangerous!),
but in that moment the auth failure messages stop.
When I change this line to

Code: Select all

linuxfluesterer  ALL=ALL
then password is required for sudo and the auth failure messages appear again.

-Linuxfluesterer (I love KDE ...)
Take away Facebook from me and let there be real people again...

User avatar
linuxfluesterer
Old Dear Hen
Posts: 867
Joined: Thu Sep 20, 2012 19:47
Location: Germany

Re: sudo: auth could not identify password for [user]

Post by linuxfluesterer » Sun Feb 03, 2013 12:47

...
Update: Of course, in between, I was looking around for more information about the messages, I received.
So, one thing I did was, that I created a file named /etc/sudo.conf, which contains:

Code: Select all

Debug sudo /tmp/sudo_dbg.log [email protected],[email protected]
That leads into the effect, that there is a new debug (sudo) login file in /tmp with name sudo_dbg.log. It doesn't exist per default. And when you don't use the debug any more, then delete that file or outmark it with a '#'.
Ok after done this, I relogged in to KDE and the results of my logins (and those I am not conscious of) are written into that file. It's a lot because growing fast. I loose overview.
So, finally, I decided to do a radical cut. I restored my backup of the whole partition /dev/sda1 (my Root partition for SL X) and the problem doesn't appear anymore.
I haven't found the answer, why the sudo pam authentification failed, neither I could fix it.
But I got nervoes, and because my own data in home directory is up to date, I haven't lost much.
Anyway, it was good to learn how to restore.
In fact, sudo and sudoers is a hard topic. I really prefer the 'su' to the 'sudo' command. Since SuSE I did and I also always created a root password in Kubuntu then to have root access.

Thank you for reading this thread.

-Linuxfluesterer (I love KDE ...)
Take away Facebook from me and let there be real people again...

User avatar
Fitzcarraldo
Sagely Hen
Posts: 8097
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom
Contact:

Re: sudo: auth could not identify password for [user]

Post by Fitzcarraldo » Sun Feb 03, 2013 18:07

linuxfluesterer wrote:Update: When adding the following line to /etc/sudoers as root with 'visudo'

Code: Select all

linuxfluesterer  ALL=NOPASSWD: ALL
then sudo doesn't ask me for any password (I know, dangerous!),
but in that moment the auth failure messages stop.
When I change this line to

Code: Select all

linuxfluesterer  ALL=ALL
then password is required for sudo and the auth failure messages appear again.

-Linuxfluesterer (I love KDE ...)
Use the following instead:

Code: Select all

linuxfluesterer ALL=(ALL) NOPASSWD: ALL
Very insecure, mind you.

Or, if you want to force the entry of a user password:

Code: Select all

linuxfluesterer ALL=(ALL) ALL

User avatar
linuxfluesterer
Old Dear Hen
Posts: 867
Joined: Thu Sep 20, 2012 19:47
Location: Germany

Re: sudo: auth could not identify password for [user]

Post by linuxfluesterer » Sun Feb 03, 2013 19:14

Fitzcarraldo wrote:
linuxfluesterer wrote: Update: When adding the following line to /etc/sudoers as root with 'visudo'

Code: Select all

1.linuxfluesterer  ALL=NOPASSWD: ALL
Use the following instead:

Code: Select all

linuxfluesterer ALL=(ALL) NOPASSWD: ALL
Very insecure, mind you.
Pls, what is the difference to 1.?
I know, that this is insecure, so, for that reason, I don't want to change the original rules in /etc/sudoers.
Fitzcarraldo wrote:Or, if you want to force the entry of a user password:

Code: Select all

linuxfluesterer ALL=(ALL) ALL
With that entry, sudo produces an auth failure message "Could not identify password for ..." , which I can't find, why.
Finally, I want to use the pure Sabayon /etc/sudoers with the only activated lines:

Code: Select all

# User privilege specification
root    ALL=(ALL) ALL
..
#Added by Sabayon Installer
%wheel  ALL=ALL
I assume, that I have installed a plasmoid or superkaramba widget in last days (I forgot, which one).
And to prevent insecurity of lacking password or permanently writing auth failure messages, when pw is forced,
I have restored a SL X partition backup from 27/01/2013.
Now, I'm content, though I don't know how to correct the auth failure message.

Thank you anyway for your support, Fitzcarraldo.

-Linuxfluesterer (I love KDE ...)
Take away Facebook from me and let there be real people again...

Post Reply