(In reply to Archie Cobbs from comment #6) > The only check that seems to be causing the error is the JVM check > that runs sudo (see below for entire script). sudo is a bit special as it opens a new session including a logind one. This part is debatable but that's currently the way it works on openSUSE. That said, logind shouldn't open a new session (for root) because the execution of the script is already part of a session which was opened by sshd for 'pexpnagios' user. But for some reasons, this check seems to fail sometimes. > From /etc/passwd: > > pexpnagios:x:1000:100::/home/pexpnagios:/bin/bash > So nothing fancy here. > > BTW did you make any modification in the pam stuff ? > > I hope not. But to digress a bit, often when I do a "zypper dup" to upgrade > to a newer version of openSUSE, there are RPM config file conflicts in > /etc/pam.d. This is really annoying and it's never clear how to resolve > these. > > It appears that two things that don't know about each other are conflicting: > (a) the /etc/pam.d/common-foo files are normal files owned by the "pam" RPM, > but (b) the "pam-config" RPM turns them into symlinks. So any time the "pam" > RPM is upgraded and changes any of the common-foo files, you get an RPM > config file conflict. If you have never modified files in pam.d and you got conflicts then it sounds like a bug, feel free to open a new report. > Anyway, don't know if that has anything to do with this. Here's the contents > of those file: You can also check for modified files with "rpm -V pam". > [root@test.stv.pexp] 837 cat common-session > #%PAM-1.0 > # > # This file is autogenerated by pam-config. All changes > # will be overwritten. > # > # Session-related modules common to all services > # > # This file is included from other service-specific PAM config files, > # and should contain a list of modules that define tasks to be performed > # at the start and end of sessions of *any* kind (both interactive and > # non-interactive > # > session optional pam_systemd.so Can you enable the debug logs for pam_systemd ? To do so replace the line above with : session optional pam_systemd.so debug IOW append "debug" to the line. > This is our homebrew check_jvm Nagios check: > > ======== cut here ============ Please next time *attach* the script or any file to this report instead of pasting them here as it makes the comments needlessly long and hard to read.