koji using krb - having problems

steve.webb at beatport.com
Wed Dec 29 16:06:11 UTC 2010


Still stuck here.  Anyone around during the holidays that can help?

- Steve

On Fri, 17 Dec 2010, steve.webb at beatport.com wrote:

> Ok, all changed, still no-go:
>
> [root at bpbuild001 ~]# tail /etc/koji-hub/hub.conf
> ## If ServerOffline is True, the server will always report a ServerOffline fault (with
> ## OfflineMessage as the fault string).
> ## If LockOut is True, the server will report a ServerOffline fault for all non-admin
> ## requests.
>
> AuthPrincipal = host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
> AuthKeytab = /etc/krb5.keytab
> ProxyPrincipals = koji/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
> HostPrincipalFormat = compile/%s at AUTH.BEATPORTCORP.NET
>
> [root at bpbuild001 ~]# klist -k /etc/krb5.keytab
> Keytab name: WRFILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
>    1 host/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
> [root at bpbuild001 ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: swebb at AUTH.BEATPORTCORP.NET
>
> Valid starting     Expires            Service principal
> 12/17/10 15:36:29  12/18/10 03:30:18  krbtgt/AUTH.BEATPORTCORP.NET at AUTH.BEATPORTCORP.NET
> [root at bpbuild001 ~]# su - koji
> [koji at bpbuild001 ~]$ psql
> psql (8.4.5)
> Type "help" for help.
>
> koji=> select * from users;
>  id | name  | password | status | usertype |                         krb_principal
> ----+-------+----------+--------+----------+----------------------------------------------------------------
>   2 | swebb |          |      0 |        0 | swebb at AUTH.BEATPORTCORP.NET
>   1 | koji  |          |      0 |        0 | koji/bpbuild001.co0.nar.beatportcorp.net at AUTH.BEATPORTCORP.NET
> (2 rows)
>
> koji=> \q
> [koji at bpbuild001 ~]$ logout
> [root at bpbuild001 ~]# koji add-user kojira
> Kerberos authentication failed: Server not found in Kerberos database (-1765328377)
>
> Q: The error now says "Server not found" - should the principal in psql be
> host/...  ??
>
> - Steve

-- 
Steve Webb | System Administrator
Beatport | Play With Music
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269

