Never had this happen to me in 25 years of using Linux.
After rebooting following today’s updates, I logged in as usual without a hitch. I needed to check the status of the vmware network, so I tried this - sudo vmware-network --status and got this result:
Mar 02 09:36:36 audit[2885]: USER_AUTH pid=2885 uid=1000 auid=1000 ses=3 subj==unconfined msg='op=PAM:authentication grantors=? acct="ajgringo619" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=failed'
Mar 02 09:37:38 sudo[2885]: pam_unix(sudo:auth): conversation failed
Mar 02 09:37:38 audit[2885]: USER_AUTH pid=2885 uid=1000 auid=1000 ses=3 subj==unconfined msg='op=PAM:authentication grantors=? acct="ajgringo619" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=failed'
Mar 02 09:37:38 sudo[2885]: pam_unix(sudo:auth): auth could not identify password for [ajgringo619]
Mar 02 09:37:40 sudo[2885]: ajgringo619 : 1 incorrect password attempt ; TTY=pts/1 ; PWD=/home/ajgringo619 ; USER=root ; COMMAND=/usr/bin/vmware-networks --status
I found that all of my sudo attempts were failing, so I got to root via su and reset the password. Same failure. What can I do to fix this???
It wasn’t just my sudo password that was hosed; even my no-password entries weren’t working. I did find some more journal entries that might shed some light on what happened:
Mar 02 09:34:03 sudo[2008]: pam_systemd_home(sudo:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
Mar 02 09:34:03 audit[2008]: USER_AUTH pid=2008 uid=1000 auid=1000 ses=2 subj==unconfined msg='op=PAM:authentication grantors=? acct="ajgringo619" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
Mar 02 09:34:03 sudo[2008]: pam_unix(sudo:auth): conversation failed
Mar 02 09:34:03 sudo[2008]: pam_unix(sudo:auth): auth could not identify password for [ajgringo619]
Mar 02 09:34:05 dbus-daemon[949]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.60' (uid=0 pid=2013 comm="sudo /usr/bin/nvidia-smi --id=0 --power-limit=120 ")
Mar 02 09:34:05 sudo[2013]: pam_systemd_home(sudo:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
Mar 02 09:34:05 sudo[2013]: pam_unix(sudo:auth): conversation failed
Mar 02 09:34:05 audit[2013]: USER_AUTH pid=2013 uid=1000 auid=1000 ses=2 subj==unconfined msg='op=PAM:authentication grantors=? acct="ajgringo619" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
Mar 02 09:34:05 sudo[2013]: pam_unix(sudo:auth): auth could not identify password for [ajgringo619]
Mar 02 09:34:08 dbus-daemon[949]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.61' (uid=0 pid=2288 comm="sudo /usr/bin/nvidia-smi --id=1 --power-limit=60 ")
Mar 02 09:34:08 sudo[2288]: pam_systemd_home(sudo:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
Mar 02 09:34:08 sudo[2288]: pam_unix(sudo:auth): conversation failed
Mar 02 09:34:08 audit[2288]: ANOM_LOGIN_FAILURES pid=2288 uid=1000 auid=1000 ses=2 subj==unconfined msg='pam_faillock uid=1000 exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Mar 02 09:34:08 audit[2288]: RESP_ACCT_LOCK pid=2288 uid=1000 auid=1000 ses=2 subj==unconfined msg='pam_faillock uid=1000 exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Mar 02 09:34:08 audit[2288]: USER_AUTH pid=2288 uid=1000 auid=1000 ses=2 subj==unconfined msg='op=PAM:authentication grantors=? acct="ajgringo619" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
Mar 02 09:34:08 sudo[2288]: pam_unix(sudo:auth): auth could not identify password for [ajgringo619]
Mar 02 09:34:08 sudo[2288]: pam_faillock(sudo:auth): Consecutive login failures for user ajgringo619 account temporarily locked
While I’m certain that I used the right password, it’s possible that I didn’t. Maybe I just had to wait until the sudo-imposed lockout expired.
Thanks for the tip; yes, 3 is the default. Since I obviously triggered this with the failed sudo passwords, should it have locked out my user account from all logins as well? I was able to logout and log back in right after this happened, so I’m confused as to how this actually works.
Well…I found the solution; operator-error as usual. I ran into the same problem after my last update/reboot, so I was ready to pull the last of my hair out. I checked the system journal and found that there were (3) failed attempts to run sudo, which were happening on a startup script I use to set my (2) Nvidia GPUs for FoldingatHome (reduced power, persistence).
I’ve been in the habit of updating my scripts/aliases to use the long versions of command-line switches; just makes it easier for me to figure out what it’s doing if/when I come back to it later. However, after switching the script to use the long names, I forgot to make the necessary update to my sudo commands: (3) different sudo commands, (3) failures = lockout: