Marc R. Schoolderman

Hacked together this idea using `pam_exec`, seems to work: ```sh $ sudo ls [sudo: authenticate] Password: [sudo] Did you forget your password or just your brain? ``` Note that this...

I think the PAM module prototype (it's on GitHub if you know where to look) shows that we can achieve the same functionality without modifying the source code, which I'm...

Thanks. I don't think we have focused on WSL being 'supported' yet, so I've added the "enhancement" label as well. Firing up a Windows machine to see if I can...

I managed to reproduce by upgrading my `stretch` Debian WSL-installation to `bookworm`, but in that scenario *original* sudo also didn't work (failing with an error about a pam session module...

Managed to reproduce! Very closely tied to the `--login` flag indeed, so that should make it easy to track down the issue.

Tried it in a docker container, same thing happens, so does not seem tied to WSL.

Note: I've also noticed that in a fresh Arch-linux docker container, there is no PAM config for sudo, since there is no sudo in that docker. We should probably check...

I've located the issue to this line: https://github.com/memorysafety/sudo-rs/blob/ebd3e60024b88c4506da69b86a96a4ec694d3c04/src/sudo/pam.rs#L114 Since "sudo --login" starts a new login shell, a different PAM service name is used. This is done on purpose -- the...

Good suggestion, let's create another issue for that. During my investigation here, I've also noticed original sudo sometimes printing uninformative error messages. Whether it is possible, I don't know --...

I remember we fixed this related issue during the Berlin Meeting: https://github.com/memorysafety/sudo-rs/issues/263. We could also have a look at the relevant code where the potential loop might be. Of course,...