sudo/kerberos problems in F18

John.Florian at dart.biz John.Florian at dart.biz
Fri Aug 17 13:38:07 UTC 2012


> From: John.Florian at dart.biz
> 
> I have sudo configured with: 
> 
> # Allow all members of the sudoers group (in LDAP) to run all commands. 
> %sudoers        ALL=(ALL)       NOPASSWD: ALL 
> 
> I'm a member of the sudoers group, but it is failing to authenticate
> me and this shows up in syslog: 
> 
> Aug 16 16:04:28 f18test [sssd[krb5_child[16009]]]: Credential cache 
> directory /run/user/10325/ccdir does not exist 
> 
> All but the ccdir does indeed exist.  Seeing krb5 mentioned here, I 
> should note that system-auth uses Kerberos against an AD server.

Debugging this a little further, I've manually created the required ccdir 
directory and made myself its owner.  Running "groups" as myself, I can 
confirm my membership in the "sudoers" group.  However, sudo still claims 
"testuser is not in the sudoers file.  This incident will be reported." 
The relevant logs capture:

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_unix(sudo:auth): authentication failure; 
logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= 
user=testuser

==> /var/log/audit/audit.log <==
type=USER_AUTH msg=audit(1345210476.895:3118): pid=0 uid=0 auid=10325 
ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
msg='op=PAM:authentication acct="testuser" exe="/usr/bin/sudo" hostname=? 
addr=? terminal=/dev/pts/3 res=success'

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_sss(sudo:auth): authentication success; 
logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= 
user=testuser

==> /var/log/audit/audit.log <==
type=USER_ACCT msg=audit(1345210476.896:3119): pid=0 uid=0 auid=10325 
ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
msg='op=PAM:accounting acct="testuser" exe="/usr/bin/sudo" hostname=? 
addr=? terminal=/dev/pts/3 res=success'
type=USER_CMD msg=audit(1345210476.897:3120): pid=0 uid=0 auid=10325 
ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
msg='cwd="/home/00/testuser" cmd="date" terminal=pts/3 res=failed'

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo:   testuser : user NOT in sudoers ; TTY=pts/3 
; PWD=/home/00/testuser ; USER=root ; 
ENV=PROPHILE=/var/lib/prophile.d/jflorian GVIMINIT=source 
/var/lib/prophile.d/jflorian/vim/gvimrc VIMINIT=source 
/var/lib/prophile.d/jflorian/vim/vimrc ; COMMAND=/bin/date

I'm not sure what else I can do to dig further into why sudo is failing.

--
John Florian
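
Added example, not part of the original message: a Python sketch that separates the PAM authentication results from sudo's policy decision in the /var/log/secure lines quoted above. The function name `diagnose` is hypothetical, and the sample input is constructed from the message's own log lines with the mail wraps rejoined and the ENV= list left out.

```python
import re

# Constructed input: the /var/log/secure entries from the message above,
# with the mail client's line wraps rejoined and the ENV= list omitted.
SECURE_LOG = """\
Aug 17 09:34:36 f18test sudo: pam_unix(sudo:auth): authentication failure; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser
Aug 17 09:34:36 f18test sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser
Aug 17 09:34:36 f18test sudo:   testuser : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/00/testuser ; USER=root ; COMMAND=/bin/date
"""

# One result per PAM module in the sudo auth stack; \buser= skips "ruser=".
PAM_RE = re.compile(
    r"sudo: (pam_\w+)\(sudo:auth\): authentication (success|failure);.*\buser=(\S+)")
# sudo's own policy verdict, logged after PAM has finished.
POLICY_RE = re.compile(r"sudo:\s+(\S+) : (user NOT in sudoers)\b.*COMMAND=(.+)$")


def diagnose(log_text):
    """Map each user to PAM results, policy denials and the stage that failed."""
    users = {}
    for line in log_text.splitlines():
        m = PAM_RE.search(line)
        if m:
            module, result, user = m.groups()
            entry = users.setdefault(user, {"pam": {}, "denied": []})
            entry["pam"][module] = result
            continue
        m = POLICY_RE.search(line)
        if m:
            user, reason, command = m.groups()
            entry = users.setdefault(user, {"pam": {}, "denied": []})
            entry["denied"].append((reason, command))
    for entry in users.values():
        authenticated = "success" in entry["pam"].values()
        if entry["denied"]:
            # The sudoers lookup rejected the user, whatever PAM reported.
            entry["stage"] = "authorization"
        elif entry["pam"] and not authenticated:
            # Every PAM module that logged a result failed.
            entry["stage"] = "authentication"
        else:
            entry["stage"] = "none"
    return users


if __name__ == "__main__":
    for user, entry in diagnose(SECURE_LOG).items():
        print(user, entry["stage"], entry["pam"], entry["denied"])
```

For the lines above it reports a pam_unix failure followed by a pam_sss success, with the denial coming from the sudoers lookup rather than from authentication.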
