On 04/21/2010 04:09 AM, Greg Trahair wrote: > Hi Mike, > > Thanks for the response. This indeed worked like a charm, although, it > didn't seem to work in hub.conf, but in the python options. > > I plan to try again today to get it working in hub.conf, but here's what > I had (obviously the .. are values on my system: > > hub.conf (didn't work): > ProxyDNs = /C=.../ST=.../O=.../OU=.../CN=.../emailaddress=...@... | > /C=.../ST=.../O=.../OU=.../CN=.../emailAddress=... > > pythonOptions (worked): > PythonOption ProxyDNs > "/C=.../ST=.../O=.../OU=.../CN=.../emailAddress=...|/C=.../ST=.../O=.../ > OU=.../CN=.../emailAddress=..." > > Can you give me an example of a working hub.conf with multiple builders?
You shouldn't need to add builders to ProxyDNs, you should be creating a different certificate for each builder with a different CN, which will be used as the unique username. ProxyDNs is really only designed to allow the web UI perform actions as other users. Is there a reason you need to add builders to ProxyDNs? > Regards, > Greg > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Mike > Bonnet > Sent: Tuesday, April 20, 2010 5:33 PM > To: Discussion of Fedora build system > Subject: Re: Koji special permissions for --runas > > On 04/20/2010 09:24 AM, Greg Trahair wrote: >> Hi, >> >> >> >> I'm trying to use the --runas parameter and get the following error: >> >> >> >> AuthError: /C=blah/ST=blah/O=blah/OU=blah/CN=<user>/emailAddress=blah > is >> not authorized to login other users >> >> >> >> The user that I'm trying to submit the build from is kojiadmin (with >> admin permissions). >> >> >> >> The reason that I'd like this, is that I want to use a post-commit >> trigger to submit a build using the kojiadmin user, but still > submitting >> the build as the user that committed the change to SVN. >> >> >> >> In auth.py:364 I see some mention of a proxyuser, but I don't know how >> to use it. >> >> >> >> Can anyone help? > > If you're using SSL auth, you need to put the full DN of the client > certificate you're logging in with (the DN is printed in the AuthError) > into the ProxyDN= config entry in hub.conf. This establishes that the > client using that DN is authorized to log in as another user. > -- > buildsys mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/buildsys > -- > buildsys mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/buildsys -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
