Bug 728475

Summary: audisp-remote.conf - remove krb5 related options which generate syslog messages
Product: Red Hat Enterprise Linux 6 Reporter: Eduard Benes <ebenes>
Component: auditAssignee: Steve Grubb <sgrubb>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: omoris, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: audit-2.1.3-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 18:20:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 584498, 846801, 846802    

Description Eduard Benes 2011-08-05 09:53:20 UTC 
Description of problem:
Current default configuration of audisp-remote.conf lists krb5 related options which generate syslog messages. It would be better to leave krb options unsused/ commented instead of filling /var/log/messages with warning messages.

Version-Release number of selected component (if applicable):
audispd-plugins-2.1-5.el6

How reproducible:
always

Steps to Reproduce:
1. install audispd-plugins and configure basic remote logging 
2. # tail -f /var/log/messages &
3. # tail -n1 /var/log/audit/audit.log | audisp-remote
  
Actual results:
warning messages about GSSAPI support being not enabled
# tail -n1 /var/log/audit/audit.log | audisp-remote 
Aug  5 05:49:03 auto-x86-64-002 audisp-remote: GSSAPI support is not enabled, ignoring value at line 28
Aug  5 05:49:03 auto-x86-64-002 audisp-remote: GSSAPI support is not enabled, ignoring value at line 30

Expected results:
no warning messages about GSSAPI support
Comment 2 Steve Grubb 2011-08-15 20:52:06 UTC 
This was addressed in audit-2.1.3-1.el6
Comment 5 errata-xmlrpc 2011-12-06 18:20:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1739.html