Bug 246265 - security/sudo hangs indefinitely when using pam_yubico.so for authentication
Summary: security/sudo hangs indefinitely when using pam_yubico.so for authentication
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Renato Botelho
Depends on:
Reported: 2020-05-06 19:22 UTC by Matthew
Modified: 2021-03-02 01:06 UTC (History)
1 user (show)

See Also:
linimon: maintainer-feedback? (garga)


Note You need to log in before you can comment on or make changes to this bug.
Description Matthew 2020-05-06 19:22:41 UTC
when using pam_yubico.so for authentication in /etc/pam.d/sudo the sudo process hangs indefinitely and cant be killed or ctrl+c.  The system has to be booted to clear the state.  I have reproduced this on serveral systems physical and virtual on 12.0-RELEASE as well as 12.1-RELEASE p1-4.  There is no output or logs that I have found the process just blocks forever.
Comment 1 Chris Hutchinson 2020-05-06 19:44:38 UTC
FWIW you can kill it by changing terminals
( CTRL+ALT+F<num> ) and login as someone in the
wheel group and perform a ps waux | grep sudo
which should provide a pid number you HUP as in
kill -HUP <pid number>
or perhaps even killall sudo might work.
A PITA, but probably better than bouncing your box. :)
While this won't fix your issue. I just thought it
might help in the interim. :)
Comment 2 Matthew 2020-05-06 21:21:15 UTC
(In reply to Chris Hutchinson from comment #1)
I tried kill -9 on it but it never dies.  I did not try kill -HUP.
Comment 3 Matthew 2020-09-10 02:23:16 UTC
issue still seems to exist on 12.1-RELEASE-p8.  Sudo with yubikey enabled hangs indefinitely and the processes dont respond to kills
Comment 4 Matthew 2021-03-02 01:06:53 UTC
I updated to 12.2 p4 and still have the same issue; after running sudo -i the sudo command hangs indefinitely, with one minor difference.  Now if I kill the sudo process from another terminal and immediately run sudo again I do get a valid shell without the hang.  I put the pam_yubico module in debug mode and see that it is indeed getting a success and finishing the module.  If I add the pam_unix module after the pam_yubico module the pam_unix module does ask for a password.  After getting past the yubico module and entering the password requested by the pam_unix module it still hangs indefinitely.