[Freeipa-users] sudo log errors
Natxo Asenjo
natxo.asenjo at gmail.com
Tue Jan 14 11:17:47 UTC 2014
hi,
after using sudo from ipa extensively I needed to configure a local
user to also use sudo.
This is for monitoring, we use nagios.
It works but now I have lots of error messages in /var/log/messages
like this one:
sudo: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more information (Credentials cache file '/tmp/krb5cc_0' not found)
Well, yes, obviously the nagios local user does not have a kerberos
ticket. Why the error?
I modified /etc/sudoers to allow the nagios user to not use a tty:
Defaults:nagios !requiretty
And have added nagios config files for sudo in /etc/sudoers.d/
nagios ALL=NOPASSWD: /usr/lib/nagios/plugins/check_logfiles
In /etc/nsswitch.conf, sudo looks like this:
sudoers: files ldap
Is there anything else I can do or do I just have to live with the
error on syslog?
TIA,
--
Groeten,
natxo
More information about the Freeipa-users
mailing list