koji using krb - having problems
steve.webb at beatport.com
steve.webb at beatport.com
Fri Dec 17 16:44:44 UTC 2010
Ok.
I got a krb ticket, gave myself a admin privs, then tried to add a user as
myself and I'm still getting "authentication failed".
koji=> insert into users (name, krb_principal, status, usertype) values ('swebb', 'swebb at AUTH.BEATPORTCORP.NET', 0, 0);
INSERT 0 1
koji=> select * from users;
id | name | password | status | usertype | krb_principal
----+-------+----------+--------+----------+------------------------------------------
1 | koji | | 0 | 0 | koji at bpbuild001.co0.nar.beatportcorp.net
2 | swebb | | 0 | 0 | swebb at AUTH.BEATPORTCORP.NET
(2 rows)
koji=> insert into user_perms (user_id, perm_id, creator_id) values (2, 1, 2);
INSERT 0 1
koji=> select * from user_perms;
user_id | perm_id | create_event | revoke_event | creator_id | revoker_id | active
---------+---------+--------------+--------------+------------+------------+--------
1 | 1 | 1 | | 1 | | t
2 | 1 | 2 | | 2 | | t
(2 rows)
[root at bpbuild001 etc]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: swebb at AUTH.BEATPORTCORP.NET
Valid starting Expires Service principal
12/17/10 09:39:56 12/17/10 21:37:58 krbtgt/AUTH.BEATPORTCORP.NET at AUTH.BEATPORTCORP.NET
[root at bpbuild001 etc]# koji add-user kojira
Kerberos authentication failed: Server not found in Kerberos database (-1765328377)
Is there still something missing?
- Steve Webb
On Thu, 16 Dec 2010, Anthony Messina wrote:
> On 12/16/2010 06:14 PM, steve.webb at beatport.com wrote:
>> [root at bpbuild001 etc]# koji add-user kojira
>> Unable to log in, no authentication methods available
>>
>> The document doesn't have any methods to verify/debug that I've gotten the
>> krb configs correct.. Is there a way to debug that I've done the krb
>> configs properly?
>
> You are doing this under the root account. I'm guessing that your root
> user might not be the koji administrative user you added during setup
> and that you don't have kerberos credentials as that administrative user.
>
> If the koji admin user you created had a username of 'steve' and
> kerberos principal of steve at EXAMPLE.COM, then if you are logged in as
> 'steve' and have done a kinit steve at EXAMPLE.COM, you should then be able
> to perform the tasks.
>
> -A
>
>
--
Steve Webb | System Administrator
Beatport | Music for DJ's
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269
More information about the buildsys
mailing list