Bug 344235 - app-admin/sudo-1.7.4_p3-r1 timestamp cache broken
Summary: app-admin/sudo-1.7.4_p3-r1 timestamp cache broken
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High critical
Assignee: Gentoo's Team for Core System packages
Reported: 2010-11-05 06:31 UTC by Robin Johnson
Modified: 2010-11-05 11:14 UTC

Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-11-05 06:31:04 UTC
This last worked in app-admin/sudo-1.7.2_p7. I noticed it because it broke some of my infra admin scripts to run commands on many machines, or do root-access rsync securely between machines without allowing any root login.

Somewhere between then and 1.7.4_p3-r1, the timestamp cache mechanism appears to be taking into account the name of your TTY or something else related, such that between two sessions on the same system, the timestamp cache is NOT shared. 

Directions to reproduce:
1. Open two windows (A and B), sshed to a system where you can sudo su -, and are required to give your password to complete that action.
2. In window A:
2.1. "sudo su -"
2.2. give your password
2.3. "exit"
2.4. "sudo su -"
2.5. The timestamp cache will let you in, without a password again.
2.6. "exit"
3. In window B:
3.1. "sudo su -"
3.2. Your password is required again, the cache does not work.
4. In window A:
4.1. "sudo su -"
4.2. it works, the cache is still valid.
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-05 11:14:23 UTC
From 1.7.4 release news

 * The tty_tickets sudoers option is now enabled by default.


       tty_tickets     If set, users must authenticate on a per-tty basis.
                       With this flag enabled, sudo will use a file named for
                       the tty the user is logged in on in the user's time
                       stamp directory.  If disabled, the time stamp of the
                       directory is used instead.  This flag is on by default.