Ok.
I got a krb ticket, gave myself a admin privs, then tried to add a user as
myself and I'm still getting "authentication failed".
koji=> insert into users (name, krb_principal, status, usertype) values
('swebb', 'swebb(a)AUTH.BEATPORTCORP.NET', 0, 0);
INSERT 0 1
koji=> select * from users;
id | name | password | status | usertype | krb_principal
----+-------+----------+--------+----------+------------------------------------------
1 | koji | | 0 | 0 | koji(a)bpbuild001.co0.nar.beatportcorp.net
2 | swebb | | 0 | 0 | swebb(a)AUTH.BEATPORTCORP.NET
(2 rows)
koji=> insert into user_perms (user_id, perm_id, creator_id) values (2, 1, 2);
INSERT 0 1
koji=> select * from user_perms;
user_id | perm_id | create_event | revoke_event | creator_id | revoker_id | active
---------+---------+--------------+--------------+------------+------------+--------
1 | 1 | 1 | | 1 | | t
2 | 1 | 2 | | 2 | | t
(2 rows)
[root@bpbuild001 etc]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: swebb(a)AUTH.BEATPORTCORP.NET
Valid starting Expires Service principal
12/17/10 09:39:56 12/17/10 21:37:58 krbtgt/AUTH.BEATPORTCORP.NET(a)AUTH.BEATPORTCORP.NET
[root@bpbuild001 etc]# koji add-user kojira
Kerberos authentication failed: Server not found in Kerberos database (-1765328377)
Is there still something missing?
- Steve Webb
On Thu, 16 Dec 2010, Anthony Messina wrote:
On 12/16/2010 06:14 PM, steve.webb(a)beatport.com wrote:
> [root@bpbuild001 etc]# koji add-user kojira
> Unable to log in, no authentication methods available
>
> The document doesn't have any methods to verify/debug that I've gotten the
> krb configs correct.. Is there a way to debug that I've done the krb
> configs properly?
You are doing this under the root account. I'm guessing that your root
user might not be the koji administrative user you added during setup
and that you don't have kerberos credentials as that administrative user.
If the koji admin user you created had a username of 'steve' and
kerberos principal of steve(a)EXAMPLE.COM, then if you are logged in as
'steve' and have done a kinit steve(a)EXAMPLE.COM, you should then be able
to perform the tasks.
-A
--
Steve Webb | System Administrator
Beatport | Music for DJ's
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269