HI:

I'm using CentOS 5.2 for my Koji server, but I now have a problem with Koji CLI authentication.

Following the wiki document at http://fedoraproject.org/wiki/Koji/ServerHowTo , I set up Koji-hub, Koji-web and PostgreSQL, and now have a Koji web interface.

I also set up my CA and configured kojiweb.conf, kojihub.conf and /etc/koji.conf.

But when I run the koji command without a username and password, the message is:

Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]

why?

thanks.....


/etc/koji.conf:

[koji]

;configuration for koji cli tool

;url of XMLRPC server
;server = http://koji.fedoraproject.org/kojihub
; NOTE(review): this URL is plain http://, while certificate login runs over
; TLS - confirm how this client version reaches the hub over HTTPS.
server = http://koji.ossii.com.tw/kojihub

;url of web interface
;weburl = http://koji.fedoraproject.org/koji
weburl = http://koji.ossii.com.tw/koji

;url of package download site
;pkgurl = http://koji.fedoraproject.org/packages
pkgurl = http://koji.ossii.com.tw/packages

;path to the koji top directory
topdir = /mnt/koji

;configuration for SSL authentication

;client certificate
;cert = ~/.fedora.cert
; NOTE(review): the koji client appears to read the private key from this same
; file, so it needs to be a PEM holding both the client certificate and its
; private key. A file with only a CERTIFICATE block is consistent with the
; "PEM_read_bio: no start line" / SSL_CTX_use_PrivateKey_file error quoted in
; this post - confirm what kojiadmin.crt contains. Because the combined file
; carries a private key, keep it readable only by the account that runs koji.
cert = /etc/kojid/kojiadmin.crt

;certificate of the CA that issued the client certificate
;ca = ~/.fedora-upload-ca.cert
; NOTE(review): judging by its extension this value is the client's private
; key, not a CA certificate as the comment above requires. The CA certificate
; used elsewhere in this setup is ossiikojica.crt - confirm which CA signed
; kojiadmin and point this option at that CA's certificate.
ca = /etc/kojid/kojiadmin.key

;certificate of the CA that issued the HTTP server certificate
;serverca = ~/.fedora-server-ca.cert
serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt


kojihub.conf:

# Koji hub: the XML-RPC handler runs under mod_python and users are
# authenticated by SSL client certificate (the Kerberos options stay commented out).
<Directory /usr/share/koji-hub>
        SetHandler mod_python
        PythonHandler kojixmlrpc
        PythonOption DBName koji
        PythonOption DBUser kevin
        PythonOption DBHost 127.0.0.1
        PythonOption KojiDir /mnt/koji

        # Kerberos auth configuration
        # PythonOption AuthPrincipal kojihub@EXAMPLE.COM
        # PythonOption AuthKeytab /etc/koji.keytab
        # PythonOption ProxyPrincipals kojihub@EXAMPLE.COM
        # format string for host principals (%s = hostname)
        # PythonOption HostPrincipalFormat compile/%s@EXAMPLE.COM
        # end Kerberos auth configuration

        # SSL client certificate auth configuration
        # the client username is the common name of the subject of their client certificate
        PythonOption DNUsernameComponent CN
        # separate multiple DNs with |
        # PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/emailAddress=example@example.com"
        # NOTE(review): ProxyDNs names the client certificates that may log in on
        # behalf of other users (normally the koji-web certificate). The CN below
        # reads like the CA's own subject - confirm it matches the subject of the
        # certificate koji-web presents, and keep this list as short as possible.
        PythonOption ProxyDNs "/C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub Server/CN=OSSII Koji Server CA/emailAddress=kevin.lin@ossii.com.tw"
        # end SSL client certificate auth configuration

        # NOTE(review): with this On, a first login with any certificate the
        # server accepts creates a Koji account named after its CN - confirm that
        # every certificate issued by the trusted CA should be able to do that.
        PythonOption LoginCreatesUser On
        PythonOption KojiWebURL http://koji.ossii.com.tw/koji

        # The domain name that will be appended to Koji usernames
        # when creating email notifications
        # NOTE(review): still the example.com placeholder.
        PythonOption EmailDomain example.com
        # PythonOption KojiDebug On
        # PythonOption KojiTraceback "extended"
        # sending tracebacks to the client isn't very helpful for debugging xmlrpc
        PythonDebug Off
        # autoreload is mostly useless to us (it would only reload kojixmlrpc.py)
        PythonAutoReload Off
</Directory>

# uncomment this to enable authentication via SSL client certificates
# (+StdEnvVars exports the SSL_* variables, including the client DN, to the handler)
<Location /kojihub>
        SSLOptions +StdEnvVars
</Location>
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth  10

kojiweb.conf:

# Koji web front end: served by mod_python.publisher, logging in to the hub
# with the certificate and CA options set below.
Alias /koji "/usr/share/koji-web/scripts/"

<Directory "/usr/share/koji-web/scripts/">
    # Config for the publisher handler
    SetHandler mod_python
    PythonHandler mod_python.publisher

    # General settings
    # NOTE(review): PythonDebug On makes mod_python send Python error output to
    # the browser; kojihub.conf keeps it Off. Turn it Off once debugging is done.
    PythonDebug On
    PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub
    PythonOption KojiWebURL http://koji.ossii.com.tw/koji
    PythonOption KojiPackagesURL http://koji.ossii.com.tw/koji/packages
    PythonOption WebPrincipal koji/kevin.lin@ossii.com.tw
    PythonOption WebKeytab /etc/httpd.keytab
    PythonOption WebCCache /var/tmp/kojiweb.ccache
    # NOTE(review): koji-web presumably logs in to the hub with this file the same
    # way the CLI does, so it would need the certificate and its private key in
    # one PEM - confirm what kojiweb.crt contains.
    PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt
    # NOTE(review): judging by its extension this value is a private key, while
    # the option name asks for the CA certificate that issued the client
    # certificate - confirm and point it at the CA certificate instead.
    PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key
    PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt
    PythonOption LoginTimeout 72
    # This must be changed before deployment
    # NOTE(review): still the shipped placeholder; replace it with a long random
    # value that is unique to this installation and keep the file unreadable to
    # ordinary users.
    PythonOption Secret CHANGE_ME
    PythonPath "sys.path + ['/usr/share/koji-web/lib']"
    PythonCleanupHandler kojiweb.handlers::cleanup
    PythonAutoReload Off
</Directory>
# +StdEnvVars exports the SSL_* variables (client DN etc.) to the login handler
<Location /koji/login>
    SSLOptions +StdEnvVars
</Location>
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth  10

Alias /koji-static/ "/usr/share/koji-web/static/"

# Static assets: no handler, no overrides, readable by everyone
<Directory "/usr/share/koji-web/static/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

ssl.conf

# Server identity presented to clients: certificate and matching private key.
# The key file should be readable by root only.
SSLCertificateFile /etc/httpd/conf.d/ssl/kojihub.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/kojihub.key
# CA certificate used to verify the certificates that clients present
SSLCACertificateFile /etc/httpd/conf.d/ssl/ossiikojica.crt
# Every TLS client must present a certificate that chains to the CA above
# (chains of up to 10 certificates are accepted).
SSLVerifyClient require
SSLVerifyDepth  10




--
=============================================================================
林毓能
Linul
RedHat Certified Engineer

TsLG網路工作室:http://www.tslg.idv.tw
TsLG城市午後:http://blog.tslg.idv.tw
Linul攝影紀實:http://photo.tslg.idv.tw
手機:0939797462
E-mail : kevin.linul@gmail.com; linul@tslg.idv.tw
=============================================================================