Re: koji using krb - having problems

[steve . webb]

Ok.

I got a krb ticket, gave myself a admin privs, then tried to add a user as 
myself and I'm still getting "authentication failed".

koji=> insert into users (name, krb_principal, status, usertype) values 
('swebb', 'sw...@auth.beatportcorp.net', 0, 0);
INSERT 0 1
koji=> select * from users;
  id | name  | password | status | usertype |              krb_principal 
----+-------+----------+--------+----------+------------------------------------------
   1 | koji  |          |      0 |        0 | 
k...@bpbuild001.co0.nar.beatportcorp.net
   2 | swebb |          |      0 |        0 | sw...@auth.beatportcorp.net
(2 rows)

koji=> insert into user_perms (user_id, perm_id, creator_id) values (2, 1, 2);
INSERT 0 1
koji=> select * from user_perms;
  user_id | perm_id | create_event | revoke_event | creator_id | revoker_id | 
active 
---------+---------+--------------+--------------+------------+------------+--------
        1 |       1 |            1 |              |          1 |            | t
        2 |       1 |            2 |              |          2 |            | t
(2 rows)

[r...@bpbuild001 etc]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sw...@auth.beatportcorp.net

Valid starting     Expires            Service principal
12/17/10 09:39:56  12/17/10 21:37:58  
krbtgt/auth.beatportcorp....@auth.beatportcorp.net
[r...@bpbuild001 etc]# koji add-user kojira
Kerberos authentication failed: Server not found in Kerberos database 
(-1765328377)

Is there still something missing?

- Steve Webb

On Thu, 16 Dec 2010, Anthony Messina wrote:

> On 12/16/2010 06:14 PM, steve.w...@beatport.com wrote:
>> [r...@bpbuild001 etc]# koji add-user kojira
>> Unable to log in, no authentication methods available
>>
>> The document doesn't have any methods to verify/debug that I've gotten the
>> krb configs correct..  Is there a way to debug that I've done the krb
>> configs properly?
>
> You are doing this under the root account.  I'm guessing that your root
> user might not be the koji administrative user you added during setup
> and that you don't have kerberos credentials as that administrative user.
>
> If the koji admin user you created had a username of 'steve' and
> kerberos principal of st...@example.com, then if you are logged in as
> 'steve' and have done a kinit st...@example.com, you should then be able
> to perform the tasks.
>
> -A
>
>

-- 
Steve Webb | System Administrator
Beatport | Music for DJ's
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269
--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys