On 01/14/2014 06:17 AM, Natxo Asenjo wrote:
> after using sudo from ipa extensively I needed to configure a local
> user to also use sudo.
> This is for monitoring, we use nagios.
> It works but now I have lots of error messages in /var/log/messages
> like this one:
> sudo: GSSAPI Error: Unspecified GSS failure. Minor code may provide
> more information (Credentials cache file '/tmp/krb5cc_0' not found)
> Well, yes, obviously the nagios local user does not have a kerberos
> ticket. Why the error?
> I modified /etc/sudoers to allow the nagios user to not use a tty:
> Defaults:nagios !requiretty
> And have added nagios config files for sudo in /etc/sudoers.d/
> nagios ALL=NOPASSWD: /usr/lib/nagios/plugins/check_logfiles
> In /etc/nsswitch.conf, sudo looks like this:
> sudoers: files ldap
> Is there anything else I can do or do I just have to live with the
> error on syslog?
> Freeipa-users mailing list
I wonder if putting this user into the local sssd provider would silence
it... Just a thought...
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list