Ok, all changed, still no-go:
[root@bpbuild001 ~]# tail /etc/koji-hub/hub.conf
## If ServerOffline is True, the server will always report a ServerOffline fault (with
## OfflineMessage as the fault string).
## If LockOut is True, the server will report a ServerOffline fault for all non-admin
## requests.
AuthPrincipal = host/bpbuild001.co0.nar.beatportcorp.net(a)AUTH.BEATPORTCORP.NET
AuthKeytab = /etc/krb5.keytab
ProxyPrincipals = koji/bpbuild001.co0.nar.beatportcorp.net(a)AUTH.BEATPORTCORP.NET
HostPrincipalFormat = compile/%s(a)AUTH.BEATPORTCORP.NET
[root@bpbuild001 ~]# klist -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 host/bpbuild001.co0.nar.beatportcorp.net(a)AUTH.BEATPORTCORP.NET
1 host/bpbuild001.co0.nar.beatportcorp.net(a)AUTH.BEATPORTCORP.NET
1 host/bpbuild001.co0.nar.beatportcorp.net(a)AUTH.BEATPORTCORP.NET
1 host/bpbuild001.co0.nar.beatportcorp.net(a)AUTH.BEATPORTCORP.NET
[root@bpbuild001 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: swebb(a)AUTH.BEATPORTCORP.NET
Valid starting Expires Service principal
12/17/10 15:36:29 12/18/10 03:30:18 krbtgt/AUTH.BEATPORTCORP.NET(a)AUTH.BEATPORTCORP.NET
[root@bpbuild001 ~]# su - koji
[koji@bpbuild001 ~]$ psql
psql (8.4.5)
Type "help" for help.
koji=> select * from users;
id | name | password | status | usertype | krb_principal
----+-------+----------+--------+----------+----------------------------------------------------------------
2 | swebb | | 0 | 0 | swebb(a)AUTH.BEATPORTCORP.NET
1 | koji | | 0 | 0 |
koji/bpbuild001.co0.nar.beatportcorp.net(a)AUTH.BEATPORTCORP.NET
(2 rows)
koji=> \q
[koji@bpbuild001 ~]$ logout
[root@bpbuild001 ~]# koji add-user kojira
Kerberos authentication failed: Server not found in Kerberos database (-1765328377)
Q: The error now says "Server not found" - should the principal in psql be
host/... ??
- Steve
--
Steve Webb | System Administrator
Beatport | Music for DJ's
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269