sudo/kerberos problems in F18
John.Florian at dart.biz
Fri Aug 17 13:38:07 UTC 2012
> From: John.Florian at dart.biz
>
> I have sudo configured with:
>
> # Allow all members of the sudoers group (in LDAP) to run all commands.
> %sudoers ALL=(ALL) NOPASSWD: ALL
>
> I'm a member of the sudoers group, but it is failing to authenticate
> me and this shows up in syslog:
>
> Aug 16 16:04:28 f18test [sssd[krb5_child[16009]]]: Credential cache
> directory /run/user/10325/ccdir does not exist
>
> All but the ccdir does indeed exist. Seeing krb5 mentioned here, I
> should note that system-auth uses Kerberos against an AD server.

Debugging this a little further, I've manually created the required ccdir
directory and made myself its owner. Running "groups" as myself, I can
confirm my membership in the "sudoers" group. However, sudo still claims
"testuser is not in the sudoers file. This incident will be reported."

The relevant logs capture:

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_unix(sudo:auth): authentication failure;
logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost=
user=testuser
==> /var/log/audit/audit.log <==
type=USER_AUTH msg=audit(1345210476.895:3118): pid=0 uid=0 auid=10325
ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:authentication acct="testuser" exe="/usr/bin/sudo" hostname=?
addr=? terminal=/dev/pts/3 res=success'
==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_sss(sudo:auth): authentication success;
logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost=
user=testuser
==> /var/log/audit/audit.log <==
type=USER_ACCT msg=audit(1345210476.896:3119): pid=0 uid=0 auid=10325
ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:accounting acct="testuser" exe="/usr/bin/sudo" hostname=?
addr=? terminal=/dev/pts/3 res=success'
type=USER_CMD msg=audit(1345210476.897:3120): pid=0 uid=0 auid=10325
ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='cwd="/home/00/testuser" cmd="date" terminal=pts/3 res=failed'
==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: testuser : user NOT in sudoers ; TTY=pts/3
; PWD=/home/00/testuser ; USER=root ;
ENV=PROPHILE=/var/lib/prophile.d/jflorian GVIMINIT=source
/var/lib/prophile.d/jflorian/vim/gvimrc VIMINIT=source
/var/lib/prophile.d/jflorian/vim/vimrc ; COMMAND=/bin/date

I'm not sure what else I can do to dig further into why sudo is failing.
--
John Florian
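
An added example, not part of the original post: the /var/log/secure excerpt above records a pam_sss authentication success followed by "user NOT in sudoers", which places the failure at the sudoers policy lookup rather than at authentication. The Python below separates those two stages per user; the function name and the sample lines (constructed from the excerpt, with wrapped lines joined and the ENV list omitted) are assumptions for illustration.

```python
import re

# Constructed sample modelled on the /var/log/secure excerpt in the post
# (wrapped lines joined, ENV list omitted).
SAMPLE_SECURE_LOG = """\
Aug 17 09:34:36 f18test sudo: pam_unix(sudo:auth): authentication failure; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser
Aug 17 09:34:36 f18test sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser
Aug 17 09:34:36 f18test sudo: testuser : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/00/testuser ; USER=root ; COMMAND=/bin/date
"""

# PAM result lines written by sudo's auth stack; the last " user=" field is the account.
PAM_RE = re.compile(
    r"sudo: (pam_\w+)\(sudo:auth\): authentication (success|failure);.*\buser=(\S+)")
# sudo's own policy denial line.
DENY_RE = re.compile(r"sudo:\s+(\S+) : user NOT in sudoers ;.*COMMAND=(.+)$")


def triage_sudo_log(text):
    """Hypothetical helper: map user -> PAM results, denied commands, failing stage."""
    users = {}

    def entry(user):
        return users.setdefault(user, {"pam": {}, "denied": [], "stage": ""})

    for line in text.splitlines():
        m = PAM_RE.search(line)
        if m:
            module, result, user = m.groups()
            entry(user)["pam"][module] = result
            continue
        m = DENY_RE.search(line)
        if m:
            entry(m.group(1))["denied"].append(m.group(2).strip())

    for info in users.values():
        authenticated = "success" in info["pam"].values()
        if info["denied"]:
            # Identity was accepted (or not logged) but the sudoers rules did not match.
            info["stage"] = ("authorization" if authenticated
                             else "authorization (no PAM success logged)")
        elif info["pam"] and not authenticated:
            info["stage"] = "authentication"
        else:
            info["stage"] = "ok"
    return users


if __name__ == "__main__":
    for user, info in triage_sudo_log(SAMPLE_SECURE_LOG).items():
        print(user, info["stage"], info["pam"], info["denied"])
```
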