T5554: Disable sudo for PAM RADIUS

[sever-sever]

Change Summary

Disable sudo for PAM RADIUS template that slows down the CLI commands

To fix it, add:

...
session [default=ignore success=2] pam_succeed_if.so service = sudo

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

• https://vyos.dev/T5554

Component(s) name

pam

Proposed changes

How to test

Add some fake RADIUS server

set system login radius server 203.0.113.24 key 'key1'
commit

Commit time before the fix:

vyos@r14# set interfaces ethernet eth1 description test1
[edit]
vyos@r14# time commit

real	0m13.349s
user	0m0.616s
sys	0m0.300s
[edit]
vyos@r14#

After the fix:

vyos@r14# set interfaces ethernet eth1 description test2
[edit]
vyos@r14# time commit

real	0m1.316s
user	0m0.626s
sys	0m0.303s
[edit]
vyos@r14# 

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[c-po]

It's a good catch, but mangling PAM files by hand is risky and unmaintainable.

Can you please use https://manpages.ubuntu.com/manpages/trusty/man8/pam-auth-update.8.html to update the file?

We have the RADIUS config here https://github.com/vyos/vyos-1x/blob/current/src/pam-configs/radius so it looks like it only needs to be adjusted. Check Session-Interactive-Only in https://wiki.ubuntu.com/PAMConfigFrameworkSpec

[sever-sever]

We have the RADIUS config here https://github.com/vyos/vyos-1x/blob/current/src/pam-configs/radius so it looks like it only needs to be adjusted.

Done!