> From: [email protected] > > On 10/22/13 7:52 AM, [email protected] wrote: > > > From: [email protected] > > > > > > On 10/16/2013 06:28 PM, Michael Cronenworth wrote: > > > > [email protected] wrote: > > > >> However, if I try the login link on the web page, firefox comes up > > with a > > > >> message stating: > > > >> > > > >> The page isn't redirecting properly > > > > > > > > I believe this is a bug in the latest Koji. After Fedora 18 or 19 web > > > > login broke for me and I never investigated as to why as I never > > use it. > > > > I use the CLI. > > > > > > The underlying bug is that koji's check for http vs https was breaking > > > on newer versions of mod_wsgi. This was fixed on the hub a while back, > > > but for some reason we missed it on the web ui. > > > > > > This commit should help: > > > https://git.fedorahosted.org/cgit/koji/commit/? > > > id=cf01c000a83702ee74de67b2ead3bdef51591093 > > > > > > Thanks Mike! That indeed seemed to get things going in the right > > direction, but now my login link makes me think I have a certificate > > error of sorts, yet everything looks good to me. Clicking the login > > link gets me: > > > > ==> /var/log/httpd/error_log <== > > [Tue Oct 22 09:48:02.669660 2013] [:error] [pid 623] 669 [ERROR] m=login > > u=None p=623 r=10.1.0.158:34806 koji.web: Traceback (most recent call > > last): > > [Tue Oct 22 09:48:02.669694 2013] [:error] [pid 623] File > > "/usr/share/koji-web/scripts/wsgi_publisher.py", line 368, in > > handle_request > > [Tue Oct 22 09:48:02.669702 2013] [:error] [pid 623] result = > > func(environ, **data) > > [Tue Oct 22 09:48:02.669707 2013] [:error] [pid 623] File > > "/usr/share/koji-web/scripts/index.py", line 237, in login > > [Tue Oct 22 09:48:02.669713 2013] [:error] [pid 623] if not > > _sslLogin(environ, session, username): > > [Tue Oct 22 09:48:02.669717 2013] [:error] [pid 623] File > > "/usr/share/koji-web/scripts/index.py", line 125, in _sslLogin > > [Tue Oct 22 09:48:02.669722 2013] [:error] [pid 623] > > proxyuser=username) > > [Tue Oct 22 09:48:02.669727 2013] [:error] [pid 623] File > > "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1726, in > > ssl_login > > [Tue Oct 22 09:48:02.669732 2013] [:error] [pid 623] sinfo = > > self.callMethod('sslLogin', proxyuser) > > [Tue Oct 22 09:48:02.669746 2013] [:error] [pid 623] File > > "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1775, in > > callMethod > > [Tue Oct 22 09:48:02.669752 2013] [:error] [pid 623] return > > self._callMethod(name, args, opts) > > [Tue Oct 22 09:48:02.669757 2013] [:error] [pid 623] File > > "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1914, in > > _callMethod > > [Tue Oct 22 09:48:02.669761 2013] [:error] [pid 623] raise err > > [Tue Oct 22 09:48:02.669766 2013] [:error] [pid 623] AuthError: > > CN=mdct-koji.dartcontainer.com,OU=kojiweb,O=Dart Container > > Corp.,ST=Michigan,C=US is not authorized to login other users > > > > My setup is as follows: > > > > # grep ProxyDNs /etc/koji-hub/hub.conf > > ProxyDNs = /C=US/ST=Michigan/O=Dart Container > > Corp./OU=kojiweb/CN=mdct-koji.dartcontainer.com > > This looks like a change in the format mod_ssl uses for the > SSL_CLIENT_S_DN variable. If you change the ProxyDNs entry to match the
> DN printed in the backtrace, it should fix the problem. Sure enough, that did the trick. I'll make a note of this at https://fedoraproject.org/wiki/Koji/ServerHowTo. Any idea of what version of mod_ssl brought about this change? -- John Florian
-- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
