On 12/17/2010 11:44 AM, [email protected] wrote:
> Ok.
>
> I got a krb ticket, gave myself admin privs, then tried to add a user as
> myself and I'm still getting "authentication failed".
>
> koji=> insert into users (name, krb_principal, status, usertype) values
> ('swebb', '[email protected]', 0, 0);
> INSERT 0 1
> koji=> select * from users;
> id | name | password | status | usertype | krb_principal
> ----+-------+----------+--------+----------+------------------------------------------
> 1 | koji | | 0 | 0 |
> [email protected]
> 2 | swebb | | 0 | 0 | [email protected]
> (2 rows)
>
> koji=> insert into user_perms (user_id, perm_id, creator_id) values (2, 1, 2);
> INSERT 0 1
> koji=> select * from user_perms;
> user_id | perm_id | create_event | revoke_event | creator_id | revoker_id |
> active
> ---------+---------+--------------+--------------+------------+------------+--------
> 1 | 1 | 1 | | 1 | |
> t
> 2 | 1 | 2 | | 2 | |
> t
> (2 rows)
>
> [r...@bpbuild001 etc]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: [email protected]
>
> Valid starting Expires Service principal
> 12/17/10 09:39:56 12/17/10 21:37:58
> krbtgt/[email protected]
> [r...@bpbuild001 etc]# koji add-user kojira
> Kerberos authentication failed: Server not found in Kerberos database
> (-1765328377)
>
> Is there still something missing?

The koji cli expects the service principal of the hub to be
host/<server name>@<last 2 tokens of the server name>. So in your case it
is trying to look up a service principal in the BEATPORTCORP.NET domain,
rather than AUTH.BEATPORTCORP.NET. Koji should probably be determining the
domain from the client principal, rather than the DNS name. In the
meantime, you could patch __init__.py:_serverPrincipal() to return the
correct value.

> - Steve Webb
>
> On Thu, 16 Dec 2010, Anthony Messina wrote:
>
>> On 12/16/2010 06:14 PM, [email protected] wrote:
>>> [r...@bpbuild001 etc]# koji add-user kojira
>>> Unable to log in, no authentication methods available
>>>
>>> The document doesn't have any methods to verify/debug that I've gotten the
>>> krb configs correct. Is there a way to debug that I've done the krb
>>> configs properly?
>>
>> You are doing this under the root account. I'm guessing that your root
>> user might not be the koji administrative user you added during setup
>> and that you don't have kerberos credentials as that administrative user.
>>
>> If the koji admin user you created had a username of 'steve' and
>> kerberos principal of [email protected], then if you are logged in as
>> 'steve' and have done a kinit [email protected], you should then be able
>> to perform the tasks.
>>
>> -A
>>
>>
>
--
buildsys mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/buildsys
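
The realm mismatch described in the reply above, as an added example that is not part of any message in this thread and is not koji's own code: it derives the hub's service principal by the "last 2 tokens of the server name" rule and compares it with one built from the client principal's realm. The hub URL and user name are constructed, the function names are hypothetical, and it assumes the hub's host principal lives in the same realm as the client.

```python
from urllib.parse import urlsplit

def hub_hostname(hub_url):
    """Bare server name of the hub (no scheme, port or path)."""
    host = urlsplit(hub_url).hostname
    if not host:
        raise ValueError("no host in hub URL: %r" % hub_url)
    return host.rstrip(".").lower()

def principal_from_dns(hub_url):
    """Rule described in the reply: realm = last two DNS labels, upper-cased."""
    host = hub_hostname(hub_url)
    labels = host.split(".")
    if len(labels) < 2:
        raise ValueError("unqualified server name: %r" % host)
    return "host/%s@%s" % (host, ".".join(labels[-2:]).upper())

def principal_from_client(hub_url, client_principal):
    """Alternative suggested in the reply: reuse the client principal's realm.
    Assumption: the hub's host principal is in the same realm as the client."""
    name, sep, realm = client_principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("client principal has no realm: %r" % client_principal)
    return "host/%s@%s" % (hub_hostname(hub_url), realm)

def check(hub_url, client_principal):
    """Return (guessed, expected, match) so a mismatch shows up before
    the KDC answers "Server not found in Kerberos database"."""
    guessed = principal_from_dns(hub_url)
    expected = principal_from_client(hub_url, client_principal)
    return guessed, expected, guessed == expected

if __name__ == "__main__":
    # Constructed samples: hub URL and user name are hypothetical; the two
    # realm names are the ones discussed in the thread.
    samples = [
        ("https://koji.beatportcorp.net/kojihub", "someuser@AUTH.BEATPORTCORP.NET"),
        ("https://koji.beatportcorp.net:8443/kojihub", "someuser@BEATPORTCORP.NET"),
    ]
    for url, princ in samples:
        guessed, expected, ok = check(url, princ)
        print("%-8s guessed=%s expected=%s" % ("OK" if ok else "MISMATCH", guessed, expected))
```

A MISMATCH line means the client will request a ticket for a principal that the KDC for the client's realm does not hold, which matches the error quoted in the thread.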
