> The koji cli expects the service principal of the hub to be host/<server
> name>@<last 2 tokens of the server name>. So in your case it is trying
> to lookup a service principal in the BEATPORTCORP.NET domain, rather
> than AUTH.BEATPORTCORP.NET. Koji should probably be determining the
> domain from the client principal, rather than the DNS name. In the
> meantime, you could patch __init__.py:_serverPrincipal() to return the
> correct value.
I just changed it to accept 3 parts to the server name by changing the 2s
to 3s in /usr/lib/python2.7/site-packages/koji/__init__.py
def _serverPrincipal(self):
"""Get the Kerberos principal of the server we're connecting
to, based on baseurl. Assume the last two components of the
server name are the Kerberos realm."""
servername = urlparse.urlparse(self.baseurl)[1]
portspec = servername.find(':')
if portspec != -1:
servername = servername[:portspec]
parts = servername.split('.')
if len(parts) < 3:
domain = servername.upper()
else:
domain = '.'.join(parts[-3:]).upper()
return 'host/%...@%s' % (servername, domain)
Still getting authentication failure:
[r...@bpbuild001 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]
Valid starting Expires Service principal
12/17/10 09:39:56 12/17/10 21:37:58
krbtgt/[email protected]
[r...@bpbuild001 ~]# koji add-user kojira
Kerberos authentication failed: Server not found in Kerberos database
(-1765328377)
--
Steve Webb | System Administrator
Beatport | Music for DJ's
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269
--
buildsys mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/buildsys
