[Freeipa-users] sudo log errors
Dmitri Pal
dpal at redhat.com
Tue Jan 14 16:34:04 UTC 2014
On 01/14/2014 06:17 AM, Natxo Asenjo wrote:
> hi,
>
> after using sudo from ipa extensively I needed to configure a local
> user to also use sudo.
>
> This is for monitoring, we use nagios.
>
> It works but now I have lots of error messages in /var/log/messages
> like this one:
>
> sudo: GSSAPI Error: Unspecified GSS failure. Minor code may provide
> more information (Credentials cache file '/tmp/krb5cc_0' not found)
>
> Well, yes, obviously the nagios local user does not have a kerberos
> ticket. Why the error?
>
> I modified /etc/sudoers to allow the nagios user to not use a tty:
>
> Defaults:nagios !requiretty
>
> And have added nagios config files for sudo in /etc/sudoers.d/
>
> nagios ALL=NOPASSWD: /usr/lib/nagios/plugins/check_logfiles
>
> In /etc/nsswitch.conf, sudo looks like this:
>
> sudoers: files ldap
>
> Is there anything else I can do or do I just have to live with the
> error on syslog?
>
> TIA,
> --
> Groeten,
> natxo
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
I wonder if putting this user into the local sssd provider would silence
it... Just a thought...
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list