koji using krb - having problems

Mike Bonnet mikeb at redhat.com
Mon Jan 3 14:23:13 UTC 2011 

On 12/29/2010 11:06 AM, steve.webb at beatport.com wrote:
> Still stuck here.  Anyone around during the holidays that can help?

Could you post the /etc/koji.conf from the client machine (the machine
where you're running "koji add-user kojira")?

Also, try running:

klist -kt /etc/krb5.keytab \
  host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET

and then klist, and post the output of both commands.

> - Steve
> 
> On Fri, 17 Dec 2010, steve.webb at beatport.com wrote:
> 
>> Ok, all changed, still no-go:
>>
>> [root at bpbuild001 ~]# tail /etc/koji-hub/hub.conf
>> ## If ServerOffline is True, the server will always report a ServerOffline fault (with
>> ## OfflineMessage as the fault string).
>> ## If LockOut is True, the server will report a ServerOffline fault for all non-admin
>> ## requests.
>>
>> AuthPrincipal = host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>> AuthKeytab = /etc/krb5.keytab
>> ProxyPrincipals = koji/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>> HostPrincipalFormat = compile/%s at AUTH.BEATPORTCORP.NET
>>
>> [root at bpbuild001 ~]# klist -k /etc/krb5.keytab
>> Keytab name: WRFILE:/etc/krb5.keytab
>> KVNO Principal
>> ---- --------------------------------------------------------------------------
>>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>> [root at bpbuild001 ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: swebb at AUTH.BEATPORTCORP.NET
>>
>> Valid starting     Expires            Service principal
>> 12/17/10 15:36:29  12/18/10 03:30:18  krbtgt/AUTH.BEATPORTCORP.NET at AUTH.BEATPORTCORP.NET
>> [root at bpbuild001 ~]# su - koji
>> [koji at bpbuild001 ~]$ psql
>> psql (8.4.5)
>> Type "help" for help.
>>
>> koji=> select * from users;
>>  id | name  | password | status | usertype |                         krb_principal
>> ----+-------+----------+--------+----------+----------------------------------------------------------------
>>   2 | swebb |          |      0 |        0 | swebb at AUTH.BEATPORTCORP.NET
>>   1 | koji  |          |      0 |        0 | koji/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>> (2 rows)
>>
>> koji=> \q
>> [koji at bpbuild001 ~]$ logout
>> [root at bpbuild001 ~]# koji add-user kojira
>> Kerberos authentication failed: Server not found in Kerberos database (-1765328377)
>>
>> Q: The error now says "Server not found" - should the principal in psql be
>> host/...  ??
>>
>> - Steve
>

More information about the buildsys mailing list