Problem configuring kojihub
Mike Bonnet
mikeb at redhat.com
Fri Sep 17 17:38:02 UTC 2010
On 09/17/2010 01:32 PM, James Cammarata wrote:
>
> I've followed the instructions (as best I can tell) to install kojihub/web
> on a RHEL5 system using the EPEL packages using the documentation here:
> http://fedoraproject.org/wiki/Koji/ServerHowTo
>
> I can access things in read-only mode, however when I try and login to
> kojihub from web interface or execute CLI admin commands, I get the
> following message:
>
> Traceback (most recent call last):
> File "/usr/share/koji-web/lib/kojiweb/publisher.py", line 16, in
> publish_object
> return old_publish_object(req, object)
> File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line
> 412, in publish_object
> return publish_object(req,util.apply_fs_data(object, req.form,
> req=req))
> File "/usr/lib64/python2.4/site-packages/mod_python/util.py", line 439,
> in apply_fs_data
> return object(**args)
> File "/usr/share/koji-web/scripts/index.py", line 183, in login
> if not _sslLogin(req, session, username):
> File "/usr/share/koji-web/scripts/index.py", line 70, in _sslLogin
> proxyuser=username)
> File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1458, in
> ssl_login
> sinfo = self.callMethod('sslLogin', proxyuser)
> File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1503, in
> callMethod
> return self._callMethod(name, args, opts)
> File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1548, in
> _callMethod
> raise err
> AuthError: could not verify client: None
>
>
> I assume this is because I've generated one of my SSL certs incorrectly
> (I've tried self-signed, as well as with our in-house CA cert), but I can't
> figure it out. I've regenerated all of the certs multiple times, but I
> can't get this working.
>
> Any tips on what I may have done wrong?
That error comes from index.py:login():
if env.get('SSL_CLIENT_VERIFY') != 'SUCCESS':
raise koji.AuthError, 'could not verify client: %s' %
env.get('SSL_CLIENT_VERIFY')
This usually means that SSL has not been configured correctly in apache.
Check your /etc/httpd/conf.d/kojiweb.conf and make sure the:
<Location /koji/login>
section is not commented out. The "SSLOptions +StdEnvVars" in there is
what sets the SSL environment variables kojiweb uses, including
SSL_VERIFY_CLIENT.
More information about the buildsys
mailing list