Description of problem:
sudo skips the PAM account phase and therefore also skips the pam_time module, which results in failed time-based account restriction.
sudo should use 'pam_acct_mgmt()' in case no authentication is required. The function is fully independent of 'pam_authenticate()'.
Version-Release number of selected component (if applicable):
All versions of sudo are affected.
foobar ALL=(ALL) NOPASSWD: ALL
account required pam_time.so
sudo still works for the 'foobar' user. The expectation is that sudo fails.
Steps to Reproduce:
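An added audit sketch (not from the bug report or from sudo itself): given the text of a sudoers file and of the sudo PAM service file, it lists the principals that have NOPASSWD rules together with the account-phase modules, such as pam_time.so, that an affected sudo would not evaluate for them. The sample file contents and the function names are constructed for illustration; include lines and "#uid" sudoers entries are not handled.

```python
import re

# Constructed sample inputs built around the two configuration lines in the report.
SUDOERS = """\
# constructed sample sudoers
Defaults env_reset
foobar ALL=(ALL) NOPASSWD: ALL
alice  ALL=(ALL) ALL
%ops   ALL=(root) NOPASSWD: /usr/bin/systemctl, PASSWD: /usr/bin/passwd
"""
PAM_SUDO = """\
# constructed sample PAM service file for sudo
auth     include  system-auth
account  required pam_time.so
account  include  system-auth
session  optional pam_keyinit.so revoke
"""

def account_modules(pam_text):
    """Modules (*.so) configured for the PAM 'account' phase, in stack order."""
    mods = []
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        # Collapse a bracketed control like [success=1 default=ignore] into one field.
        fields = re.sub(r"\[[^\]]*\]", "CTRL", line).split()
        if len(fields) >= 3 and fields[0].lstrip("-") == "account" and fields[2].endswith(".so"):
            mods.append(fields[2])
    return mods

def nopasswd_principals(sudoers_text):
    """Users and %groups that have at least one rule tagged NOPASSWD."""
    found = []
    for line in re.sub(r"\\\n", " ", sudoers_text).splitlines():  # fold continuations
        line = line.strip()
        if not line or line.startswith(("#", "@", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        if re.search(r"\bNOPASSWD\s*:", line) and line.split()[0] not in found:
            found.append(line.split()[0])
    return found

def skipped_checks(sudoers_text, pam_text):
    """Map each NOPASSWD principal to the account modules that would be bypassed."""
    mods = account_modules(pam_text)
    return {who: mods for who in nopasswd_principals(sudoers_text)} if mods else {}

if __name__ == "__main__":
    for who, mods in skipped_checks(SUDOERS, PAM_SUDO).items():
        print(f"{who}: account-phase modules not enforced on affected sudo: {', '.join(mods)}")
```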
Created attachment 1382271
Created attachment 1486438
upstream fix of a regression related to NOPASSWD PAM stack handling
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.