(Trying to su to root on laptop) "su: Authentication service cannot retrieve authentication info" so I added to su in /etc/pam.d:
"auth sufficient pam_succeed_if.so user ingroup admin"
which group I had created as root and user is member, but same message. Do I have to put user in sudoers.d? Trying to understand PAM. Any advice deeply appreciated.
Thanks, lq, probably good solution. In fact I'm worried whether my PAM is ok. I looked at sudo and not being a vim aficionado, set an environment variable SUDO_EDITOR to nano. Maybe no need. A few configuration things sounded like yesterday's solution and I got syntax errors using visudo so I might stick to PAM. Heaven knows PAM syntax is far from intuitive either.
Has anyone had the message "Authentication service cannot retrieve authentication info"? What do I have to do to fix PAM?
I moved question to Forum JHendry
If anyone could shed some light on "Authentication service cannot retrieve authentication info", I'd be most obliged. Also how to delete a thread I started.
Would PAM be affected if I changed the owner:group of PAM files from root:root to root:admin and perm to 775 so other admins can administer it? Only 1 laptop, not a commercial enterprise at all.
Just for interest and because I have a problem with PAM at the moment and because someone suggested I use sudo, PAM and sudo are compatible, right? It's not the case that sudo is an older solution and PAM a better one. Old is not necessarily rusty, is it, and I daresay the interface using visudo has stood the test of time. I suppose I wonder which packages are maintained and which aren't and how to find out.
Sudo already depends on PAM for a long time, if you want to bypass that run
su -c 'command'
@JHendry I merged all of your past four threads, to delete one go to More - Remove.
Your current issue is about "Authentication service cannot retrieve authentication info", did this happen after modifying what exactly, /etc/sudoers or something else?
Thx for combining thread, hitman, problem persists. I get the error attempting su from another user. Other user is in admin group with root. Most of my files were installed with owner:group root:root. I used chgrp to make them root:admin and permission 775. This is so I can administer the system as the other user and perform one task in particular (install LFS). Btw "more.." doesn't offer me "remove".
lol
RTFM:
https://wiki.archlinux.org/title/Sudo
Pardon my ignorance of sudo, lq, and thx for the link. I see it has advantages over su but can't I do without both by appropriate groups and PAM files?
how can you use sudo without pam? https://www.redhat.com/sysadmin/pluggable-authentication-modules-pam
pam has been the authenication agent for Linux for maybe decades.
I don't want to use sudo without PAM, mtbrklyn, I want PAM in working order. The error message "authentication service cannot retrieve authentication info" suggests it may not be. So I wondered if I had mucked up the permissions.
It suggests to me you don't have a root user in /etc/passwd or something like that. It says it can't find it, not that it is not working.
It can't be you have no root user.
No but authentication doesn't only depend on the presence of a UID
Possibly a problem with /etc/shadow? Permissions on that file should be 600 root:root if I recall correctly. Also how did you create the user? If you edited /etc/passwd directly instead of using useradd, for example, that database probably wouldn't have been updated.
You also mentioned getting syntax errors with visudo... you didn't happen to write the file anyway despite the errors? The whole point of visudo is to catch basic syntax errors so you don't bork your system. (Not accusing you of anything I just want to emphasize that you should take note when visudo complains)