Solved doas: pam_authenticate: Conversation failure

As the title says I'm receiving an error when I'm using security/doas with a keybind in a i3wm, keybind which modify the backlight of the screen from 100% to 70% because intel_backlight don't keep the changes between reboots/shutdowns and the Fn keys don't work so great with apci_ibm.

Code:
doas[66240]: pam_authenticate: Conversation failure
doas.conf:
Code:
permit nopass keepenv minbari
permit :wheel
permit nopass keepenv :minbari cmd /home/minbari/.config/i3/modules/check_ports
permit nopass keepenv :minbari cmd /home/minbari/.scripts/backlight
i3wm bind section
Code:
exec doas /home/minbari/.scripts/backlight
bindsym $mod+slash exec doas /home/minbari/.scripts/backlight

blacklight binded script:
Bash:
#!/bin/sh

sleep 3

if ! [ ${intel_backlight} -eq 100 ]; then
       intel_backlight 70
fi
The user is in wheel and operator groups.
 
I'm not so familar with security/doas but I think the colon is only used for groups and if minbari is your user you can try
Code:
permit nopass minbari as root cmd /home/minbari/.config/i3/modules/check_ports
permit nopass minbari as root cmd /home/minbari/.scripts/backlight
 
Last edited by a moderator:
According to doas.conf(5), you should use "restricted PATH", so you cannot
use executables from your home dir with doas. if you want to use some scripts
with doas, move it to your system $PATH, for example /usr/local/bin.
 
According to doas.conf(5), you should use "restricted PATH", so you cannot
use executables from your home dir with doas. if you want to use some scripts
with doas, move it to your system $PATH, for example /usr/local/bin.
In FreeBSD 11.2 having the path (in doas) to a folder in user's home worked but not in FreeBSD 12.0. Anyway the suggestion made by Lanakus solved the problem.
 
Probably that's because whole path to executable was added to doas.conf. I remember after upgrade to 11.0, I had some authentication errors, because freebsd-update accidentally removed one of "pam_" .so files, after that I couldn't login anymore (sudo didn't work as well), but I had doas.conf opened in vim as root (via sudo) in one of my tmux sessions, to restore this library manualy, I had to add it to /usr/lib/ with root access, so I tried to add su executable to ~/.local/bin, this dir was in my system's $PATH, to execute it then with doas to gain root access, but it didn't work. After that I've managed to solve this issue via FreeBSD 11 live cd, I've mounted zfs pools and moved required library from live media to /usr/lib/.
 
Back
Top