On 01/14/2014 06:17 AM, Natxo Asenjo wrote: > hi, > > after using sudo from ipa extensively I needed to configure a local > user to also use sudo. > > This is for monitoring, we use nagios. > > It works but now I have lots of error messages in /var/log/messages > like this one: > > sudo: GSSAPI Error: Unspecified GSS failure. Minor code may provide > more information (Credentials cache file '/tmp/krb5cc_0' not found) > > Well, yes, obviously the nagios local user does not have a kerberos > ticket. Why the error? > > I modified /etc/sudoers to allow the nagios user to not use a tty: > > Defaults:nagios !requiretty > > And have added nagios config files for sudo in /etc/sudoers.d/ > > nagios ALL=NOPASSWD: /usr/lib/nagios/plugins/check_logfiles > > In /etc/nsswitch.conf, sudo looks like this: > > sudoers: files ldap > > Is there anything else I can do or do I just have to live with the > error on syslog? > > TIA, > -- > Groeten, > natxo > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users
I wonder if putting this user into the local sssd provider would silence it... Just a thought... -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users