http://bugzilla.opensuse.org/show_bug.cgi?id=1081947 http://bugzilla.opensuse.org/show_bug.cgi?id=1081947#c20 Josef Möllers <josef.moellers@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kstreitova@suse.com Assignee|josef.moellers@suse.com |kstreitova@suse.com Flags| |needinfo?(kstreitova@suse.c | |om) --- Comment #20 from Josef Möllers <josef.moellers@suse.com> --- Hello Krystina, As you can see from the comments 11 and following, pam_keyinit.so must be added to the sudo configuration: * in the "sudo -l" case, "force must be specified * in the "sudo" case, no "force" must be specified. My understanding is that 1) a "sudo-l" file should be created in "/etc/pam.d" with the same contents as "/etc/pam.d/sudo" PLUS the line "session optional pam_keyinit.so force revoke" 2) plugins/sudoers/defaults.c must be changed as to use that file for def_pam_login_service. Please make the changes ASAP (if possible for SLE-15), then clear NEEDINFO and assign back to me. Any questions -> welcome! Dĕkuji! Josef -- You are receiving this mail because: You are on the CC list for the bug.