> That's because it doesn't exist in user.conf :) It is in user.conf, you're reading the wrong example. Read the first thread in the post. There's two examples (one that works, one that does not). [email protected] is in the second example. You referenced the first example.
> Hence you have to edit the Apache file to reject users not in your ok list as > well. I'm confused again. Why would I do that? I want all valid Kerberos users to succeed logging in. I want those who aren't in users.conf to have access to Systems, but that's it. I want those who *are* in uses.conf (specifically the admins group) to have full access. Can that be done? On Thu, Aug 13, 2009 at 9:31 AM, Michael DeHaan<[email protected]> wrote: > On 08/13/2009 12:23 PM, Paul Company wrote: > > Guessing -- I believe your username in the bottom example is > [email protected], > if that's what you logged in with, not pcompany. > > Was that it? > > > No, I can login as pcompany or [email protected] and neither works! > > It has something to do with the httpd stanza. > If you diff the stanzas, > > This works: > AuthType Basic > AuthName Cobbler > > This does not: > AuthType Kerberos > AuthName "Kerberos Login" > KrbServiceName HTTP > Krb5Keytab /etc/httpd/conf.d/HTTP.keytab > KrbAuthRealms EXAMPLE.COM > > I'm assuming the authz_ownership module receives the username from > somewhere and checks it against the user.conf file. > What passes the username to the authz_ownership module? > > > The username is the username you give to the login prompt. > > And how do I debug that? > It's acting like [email protected] does not exist in user.conf. > > > That's because it doesn't exist in user.conf :) > >>> # vi /etc/cobbler/users.conf >>> [admins] >>> admin = "" >>> cobbler = "" >>> pcompany = "" >>> :wq! >>> > > > You will be able to login through anything Kerberos allows, though what you > are able to do is governed by users.conf. > > Hence you have to edit the Apache file to reject users not in your ok list > as well. > > --Michael > > > > > > > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > > _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
