koji using krb - having problems

steve.webb at beatport.com steve.webb at beatport.com
Fri Dec 17 16:44:44 UTC 2010 

Ok.

I got a krb ticket, gave myself a admin privs, then tried to add a user as 
myself and I'm still getting "authentication failed".

koji=> insert into users (name, krb_principal, status, usertype) values ('swebb', 'swebb at AUTH.BEATPORTCORP.NET', 0, 0);
INSERT 0 1
koji=> select * from users;
  id | name  | password | status | usertype |              krb_principal 
----+-------+----------+--------+----------+------------------------------------------
   1 | koji  |          |      0 |        0 | koji at bpbuild001.co0.nar.beatportcorp.net
   2 | swebb |          |      0 |        0 | swebb at AUTH.BEATPORTCORP.NET
(2 rows)

koji=> insert into user_perms (user_id, perm_id, creator_id) values (2, 1, 2);
INSERT 0 1
koji=> select * from user_perms;
  user_id | perm_id | create_event | revoke_event | creator_id | revoker_id | active 
---------+---------+--------------+--------------+------------+------------+--------
        1 |       1 |            1 |              |          1 |            | t
        2 |       1 |            2 |              |          2 |            | t
(2 rows)

[root at bpbuild001 etc]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: swebb at AUTH.BEATPORTCORP.NET

Valid starting     Expires            Service principal
12/17/10 09:39:56  12/17/10 21:37:58  krbtgt/AUTH.BEATPORTCORP.NET at AUTH.BEATPORTCORP.NET
[root at bpbuild001 etc]# koji add-user kojira
Kerberos authentication failed: Server not found in Kerberos database (-1765328377)

Is there still something missing?

- Steve Webb

On Thu, 16 Dec 2010, Anthony Messina wrote:

> On 12/16/2010 06:14 PM, steve.webb at beatport.com wrote:
>> [root at bpbuild001 etc]# koji add-user kojira
>> Unable to log in, no authentication methods available
>>
>> The document doesn't have any methods to verify/debug that I've gotten the
>> krb configs correct..  Is there a way to debug that I've done the krb
>> configs properly?
>
> You are doing this under the root account.  I'm guessing that your root
> user might not be the koji administrative user you added during setup
> and that you don't have kerberos credentials as that administrative user.
>
> If the koji admin user you created had a username of 'steve' and
> kerberos principal of steve at EXAMPLE.COM, then if you are logged in as
> 'steve' and have done a kinit steve at EXAMPLE.COM, you should then be able
> to perform the tasks.
>
> -A
>
>

-- 
Steve Webb | System Administrator
Beatport | Music for DJ's
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269

More information about the buildsys mailing list