koji using krb - having problems
Mike Bonnet
mikeb at redhat.com
Mon Jan 3 14:23:13 UTC 2011
On 12/29/2010 11:06 AM, steve.webb at beatport.com wrote:
> Still stuck here. Anyone around during the holidays that can help?
Could you post the /etc/koji.conf from the client machine (the machine
where you're running "koji add-user kojira")?
Also, try running:

  klist -kt /etc/krb5.keytab \
    host/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET

and then klist, and post the output of both commands.
> - Steve
>
> On Fri, 17 Dec 2010, steve.webb at beatport.com wrote:
>
>> Ok, all changed, still no-go:
>>
>> [root@bpbuild001 ~]# tail /etc/koji-hub/hub.conf
>> ## If ServerOffline is True, the server will always report a ServerOffline fault (with
>> ## OfflineMessage as the fault string).
>> ## If LockOut is True, the server will report a ServerOffline fault for all non-admin
>> ## requests.
>>
>> AuthPrincipal = host/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET
>> AuthKeytab = /etc/krb5.keytab
>> ProxyPrincipals = koji/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET
>> HostPrincipalFormat = compile/%s@AUTH.BEATPORTCORP.NET
>>
>> [root@bpbuild001 ~]# klist -k /etc/krb5.keytab
>> Keytab name: WRFILE:/etc/krb5.keytab
>> KVNO Principal
>> ---- --------------------------------------------------------------------------
>>    1 host/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET
>>    1 host/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET
>>    1 host/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET
>>    1 host/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET
>> [root@bpbuild001 ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: swebb@AUTH.BEATPORTCORP.NET
>>
>> Valid starting     Expires            Service principal
>> 12/17/10 15:36:29  12/18/10 03:30:18  krbtgt/AUTH.BEATPORTCORP.NET@AUTH.BEATPORTCORP.NET
>> [root@bpbuild001 ~]# su - koji
>> [koji@bpbuild001 ~]$ psql
>> psql (8.4.5)
>> Type "help" for help.
>>
>> koji=> select * from users;
>>  id | name  | password | status | usertype | krb_principal
>> ----+-------+----------+--------+----------+----------------------------------------------------------------
>>   2 | swebb |          |      0 |        0 | swebb@AUTH.BEATPORTCORP.NET
>>   1 | koji  |          |      0 |        0 | koji/bpbuild001.co0.nar.beatportcorp.net@AUTH.BEATPORTCORP.NET
>> (2 rows)
>>
>> koji=> \q
>> [koji@bpbuild001 ~]$ logout
>> [root@bpbuild001 ~]# koji add-user kojira
>> Kerberos authentication failed: Server not found in Kerberos database (-1765328377)
>>
>> Q: The error now says "Server not found" - should the principal in psql be
>> host/... ??
>>
>> - Steve
>