Josef M��llers changed bug 1081947
What Removed Added
CC   kstreitova@suse.com
Assignee josef.moellers@suse.com kstreitova@suse.com
Flags   needinfo?(kstreitova@suse.com)

Comment # 20 on bug 1081947 from 
Hello Krystina,

As you can see from the comments 11 and following, pam_keyinit.so must be added
to the sudo configuration:
* in the "sudo -l" case, "force must be specified
* in the "sudo" case, no "force" must be specified.

My understanding is that
1) a "sudo-l" file should be created in "/etc/pam.d" with the same contents as
"/etc/pam.d/sudo" PLUS the line "session optional pam_keyinit.so force revoke"
2) plugins/sudoers/defaults.c must be changed as to use that file for
def_pam_login_service.

Please make the changes ASAP (if possible for SLE-15), then clear NEEDINFO and
assign back to me.

Any questions -> welcome!

D��kuji!

Josef

You are receiving this mail because: