Problem configuring kojihub

Mike Bonnet mikeb at redhat.com
Fri Sep 17 17:38:02 UTC 2010 

On 09/17/2010 01:32 PM, James Cammarata wrote:
> 
> I've followed the instructions (as best I can tell) to install kojihub/web
> on a RHEL5 system using the EPEL packages using the documentation here:
> http://fedoraproject.org/wiki/Koji/ServerHowTo
> 
> I can access things in read-only mode, however when I try and login to
> kojihub from web interface or execute CLI admin commands, I get the
> following message:
> 
> Traceback (most recent call last):
>   File "/usr/share/koji-web/lib/kojiweb/publisher.py", line 16, in
> publish_object
>     return old_publish_object(req, object)
>   File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line
> 412, in publish_object
>     return publish_object(req,util.apply_fs_data(object, req.form,
> req=req))
>   File "/usr/lib64/python2.4/site-packages/mod_python/util.py", line 439,
> in apply_fs_data
>     return object(**args)
>   File "/usr/share/koji-web/scripts/index.py", line 183, in login
>     if not _sslLogin(req, session, username):
>   File "/usr/share/koji-web/scripts/index.py", line 70, in _sslLogin
>     proxyuser=username)
>   File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1458, in
> ssl_login
>     sinfo = self.callMethod('sslLogin', proxyuser)
>   File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1503, in
> callMethod
>     return self._callMethod(name, args, opts)
>   File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1548, in
> _callMethod
>     raise err
> AuthError: could not verify client: None
> 
> 
> I assume this is because I've generated one of my SSL certs incorrectly
> (I've tried self-signed, as well as with our in-house CA cert), but I can't
> figure it out.  I've regenerated all of the certs multiple times, but I
> can't get this working.
> 
> Any tips on what I may have done wrong?

That error comes from index.py:login():

        if env.get('SSL_CLIENT_VERIFY') != 'SUCCESS':
            raise koji.AuthError, 'could not verify client: %s' %
env.get('SSL_CLIENT_VERIFY')

This usually means that SSL has not been configured correctly in apache.
 Check your /etc/httpd/conf.d/kojiweb.conf and make sure the:

<Location /koji/login>

section is not commented out.  The "SSLOptions +StdEnvVars" in there is
what sets the SSL environment variables kojiweb uses, including
SSL_VERIFY_CLIENT.

More information about the buildsys mailing list