Package: sudo-ldap Version: 1.8.27-1 Severity: normal Dear maintainer,
I upgraded Debian from 9.9 to 10.0 yesterday and find that I have to enter my password when running commands with sudo. We have no !authenticate option on our LDAP server so we manually add NOPASSWD in /etc/sudoers. However, after upgrading to buster, the NOPASSWD option seems not working. The running result of sudo -l still contains NOPASSWD: steven@vpn:~$ sudo -l Matching Defaults entries for steven on vpn: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User steven may run the following commands on vpn: (ALL : ALL) NOPASSWD: ALL (ALL) ALL (ALL) ALL The changelog of sudo-ldap does not show it has put a higher priority in the LDAP server's configuration, so I think this should be a bug. Regards, Zhaofeng Yang -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sudo-ldap depends on: ii libaudit1 1:2.8.4-3 ii libc6 2.28-10 ii libldap-2.4-2 2.4.47+dfsg-3 ii libpam-modules 1.3.1-5 ii libpam0g 1.3.1-5 ii libselinux1 2.8-1+b1 ii lsb-base 10.2019051400 sudo-ldap recommends no packages. sudo-ldap suggests no packages. -- Configuration Files: /etc/sudoers changed: Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" root ALL=(ALL:ALL) ALL %sudo ALL=(ALL:ALL) NOPASSWD:ALL -- no debconf information