Re: koji using krb - having problems

Mon, 03 Jan 2011 06:23:20 -0800 

On 12/29/2010 11:06 AM, [email protected] wrote:
> Still stuck here.  Anyone around during the holidays that can help?

Could you post the /etc/koji.conf from the client machine (the machine
where you're running "koji add-user kojira")?

Also, try running:

klist -kt /etc/krb5.keytab \
  host/[email protected]

and then klist, and post the output of both commands.

> - Steve
> 
> On Fri, 17 Dec 2010, [email protected] wrote:
> 
>> Ok, all changed, still no-go:
>>
>> [r...@bpbuild001 ~]# tail /etc/koji-hub/hub.conf
>> ## If ServerOffline is True, the server will always report a ServerOffline 
>> fault (with
>> ## OfflineMessage as the fault string).
>> ## If LockOut is True, the server will report a ServerOffline fault for all 
>> non-admin
>> ## requests.
>>
>> AuthPrincipal = 
>> host/[email protected]
>> AuthKeytab = /etc/krb5.keytab
>> ProxyPrincipals = 
>> koji/[email protected]
>> HostPrincipalFormat = compile/%[email protected]
>>
>> [r...@bpbuild001 ~]# klist -k /etc/krb5.keytab
>> Keytab name: WRFILE:/etc/krb5.keytab
>> KVNO Principal
>> ---- 
>> --------------------------------------------------------------------------
>>    1 host/[email protected]
>>    1 host/[email protected]
>>    1 host/[email protected]
>>    1 host/[email protected]
>> [r...@bpbuild001 ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: [email protected]
>>
>> Valid starting     Expires            Service principal
>> 12/17/10 15:36:29  12/18/10 03:30:18  
>> krbtgt/[email protected]
>> [r...@bpbuild001 ~]# su - koji
>> [k...@bpbuild001 ~]$ psql
>> psql (8.4.5)
>> Type "help" for help.
>>
>> koji=> select * from users;
>>  id | name  | password | status | usertype |                         
>> krb_principal
>> ----+-------+----------+--------+----------+----------------------------------------------------------------
>>   2 | swebb |          |      0 |        0 | [email protected]
>>   1 | koji  |          |      0 |        0 | 
>> koji/[email protected]
>> (2 rows)
>>
>> koji=> \q
>> [k...@bpbuild001 ~]$ logout
>> [r...@bpbuild001 ~]# koji add-user kojira
>> Kerberos authentication failed: Server not found in Kerberos database 
>> (-1765328377)
>>
>> Q: The error now says "Server not found" - should the principal in psql be
>> host/...  ??
>>
>> - Steve
> 

--
buildsys mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/buildsys

Reply via email to