Share:|

The December OSU updates many packages, and upgrades the operating system to CentOS 7.6. Included in the upgrade to 7.6  is an update to the sudo package.

 

The change in sudo includes: “PAM account management modules are now run even when no password is required.” [See the Red Hat documentation for more information]

 

For some processes in BMC Discovery, the tideway user uses sudo to run certain system level programs. Where user passwords expire, the changed processing of the PAM modules would request users to change the password, which in turn would have caused automated sudo usage to fail. This would be particularly problematic for customers that have strict expiry policies (STIG) on the appliance command line users.

 

The update to sudo-1.8.23-3.el7 (and only sudo) has been excluded from the December OSU while the we determine the full extent of the changes required.

 

Update: 8th April 2019. The April OSU will now contain any updates to sudo.

From the Aprill 2019 OSU, Discovery will utilise the pam_localuser.so module in the PAM sudo stack against a specific list of users (pam_localuser).