Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
@local + sudo unusable when using PAM fingerprint support in fedora 34
See original GitHub issueDescribe the bug
Fedora 34 sets up PAM with support for fingerprint support in PAM. That means I can put my fingerprint on the reader and sudo will let me through. Unfortunate, this means that every pyinfra sudo call will ask for a fingerprint which has to time out to finally let the normal password (Which pyinfra supplies in a env variable) take over.
To Reproduce
Laptop with fingerprint support, setup to let sudo be authenticated by the fingerprint (default on fedora 34). Add a ´dnf.packages` task with like 10+ packages -> there is one sudo call for each package, all of them waiting for the fingerprint timeout 😦
Expected behavior
I will only get asked once for my password.
I suspect that this isn’t easily solveable by pyinfra (i also saw a google result for the same thing in ansible) 😦 but I wonder if it would be possible to use a (cached) pty for all calls so that sudo itself caches credentials?
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Also reported as a feature request to sudo: https://github.com/sudo-project/sudo/issues/112
Shifting this to a documentation issue now sudo has a fix for this, need to make sure this is well highlighted alongside sudo documentation.