[Freeipa-users] sudo without the !authenticate
Rob Verduijn
rob.verduijn at gmail.com
Mon Sep 1 18:38:32 UTC 2014
2014-09-01 18:47 GMT+02:00 Dmitri Pal <dpal at redhat.com>:
> On 09/01/2014 06:17 PM, Rob Verduijn wrote:
>
> Hello,
>
> I've a freeipa running on fedora 20 with fedora 20 clients.
>
> When I configure sudo with the !authenticate option, everything works
> fine.
> ie 'sudo journalctl' works fine, you get to see the logs
>
> However when I remove the !authenticate option the sudo command asks for
> a password but it always fails.
>
> In the logs it says that authentication succes
> but it is followed by the line access denied.
>
> What could be causing this ?
>
> Rob
>
>
>
> Probably access control. Do you have HBAC rules defined? Do they allow
> user to do sudo operations?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
Hello,
That was indeed preventing the access without the !noathenticate.
I've added sudo to the hbac and now it works.
Thanx.
Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140901/5e287c44/attachment.htm>
More information about the Freeipa-users
mailing list