[k...@bpbuild001 ~]$ psql psql (8.4.5) Type "help" for help. koji=> select * from users; id | name | password | status | usertype | krb_principal ----+-------+----------+--------+----------+---------------------------------------------------------------- 2 | swebb | | 0 | 0 | [email protected] 1 | koji | | 0 | 0 | koji/[email protected] (2 rows)
koji=> \q [k...@bpbuild001 ~]$ koji add-user kojira Kerberos authentication failed: Matching credential not found (-1765328243) [k...@bpbuild001 ~]$ kinit swebb Password for [email protected]: [k...@bpbuild001 ~]$ klist Ticket cache: FILE:/tmp/krb5cc_500 Default principal: [email protected] Valid starting Expires Service principal 01/05/11 10:15:13 01/05/11 22:14:30 krbtgt/[email protected] [k...@bpbuild001 ~]$ cat /etc/koji.conf [koji] ;configuration for koji cli tool ;url of XMLRPC server server = http://bpbuild001.co0.nar.beatportcorp.net/kojihub ;url of web interface weburl = http://bpbuild001.co0.nar.beatportcorp.net/koji ;url of package download site pkgurl = http://bpbuild001.co0.nar.beatportcorp.net/packages ;path to the koji top directory topdir = /mnt/koji ;configuration for SSL authentication ;client certificate cert = ~/.fedora.cert ;certificate of the CA that issued the client certificate ca = ~/.fedora-server-ca.cert ;certificate of the CA that issued the HTTP server certificate serverca = ~/.fedora-server-ca.cert [k...@bpbuild001 ~]$ klist -kt /etc/krb5.keytab host/[email protected] Extra arguments (starting with "host/[email protected]"). Usage: klist [-e] [-V] [[-c] [-d] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] [name] -c specifies credentials cache -k specifies keytab (Default is credentials cache) -e shows the encryption type -V shows the Kerberos version and exits options for credential caches: -d shows the submitted authorization data types -f shows credentials flags -s sets exit status based on valid tgt existence -a displays the address list -n do not reverse-resolve options for keytabs: -t shows keytab entry timestamps -K shows keytab entry DES keys [k...@bpbuild001 ~]$ klist -kt /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab klist: Permission denied while starting keytab scan [k...@bpbuild001 ~]$ logout [r...@bpbuild001 ~]# klist -kt /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 1 12/15/10 10:49:18 host/[email protected] 1 12/15/10 10:49:19 host/[email protected] 1 12/15/10 10:49:19 host/[email protected] 1 12/15/10 10:49:19 host/[email protected] [r...@bpbuild001 ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 01/05/11 09:49:04 01/05/11 21:48:17 krbtgt/[email protected] - Steve On Mon, 3 Jan 2011, Mike Bonnet wrote: > On 12/29/2010 11:06 AM, [email protected] wrote: >> Still stuck here. Anyone around during the holidays that can help? > > Could you post the /etc/koji.conf from the client machine (the machine > where you're running "koji add-user kojira")? > > Also, try running: > > klist -kt /etc/krb5.keytab \ > host/[email protected] > > and then klist, and post the output of both commands. > >> - Steve >> >> On Fri, 17 Dec 2010, [email protected] wrote: >> >>> Ok, all changed, still no-go: >>> >>> [r...@bpbuild001 ~]# tail /etc/koji-hub/hub.conf >>> ## If ServerOffline is True, the server will always report a ServerOffline >>> fault (with >>> ## OfflineMessage as the fault string). >>> ## If LockOut is True, the server will report a ServerOffline fault for all >>> non-admin >>> ## requests. >>> >>> AuthPrincipal = >>> host/[email protected] >>> AuthKeytab = /etc/krb5.keytab >>> ProxyPrincipals = >>> koji/[email protected] >>> HostPrincipalFormat = compile/%[email protected] >>> >>> [r...@bpbuild001 ~]# klist -k /etc/krb5.keytab >>> Keytab name: WRFILE:/etc/krb5.keytab >>> KVNO Principal >>> ---- >>> -------------------------------------------------------------------------- >>> 1 host/[email protected] >>> 1 host/[email protected] >>> 1 host/[email protected] >>> 1 host/[email protected] >>> [r...@bpbuild001 ~]# klist >>> Ticket cache: FILE:/tmp/krb5cc_0 >>> Default principal: [email protected] >>> >>> Valid starting Expires Service principal >>> 12/17/10 15:36:29 12/18/10 03:30:18 >>> krbtgt/[email protected] >>> [r...@bpbuild001 ~]# su - koji >>> [k...@bpbuild001 ~]$ psql >>> psql (8.4.5) >>> Type "help" for help. >>> >>> koji=> select * from users; >>> id | name | password | status | usertype | >>> krb_principal >>> ----+-------+----------+--------+----------+---------------------------------------------------------------- >>> 2 | swebb | | 0 | 0 | [email protected] >>> 1 | koji | | 0 | 0 | >>> koji/[email protected] >>> (2 rows) >>> >>> koji=> \q >>> [k...@bpbuild001 ~]$ logout >>> [r...@bpbuild001 ~]# koji add-user kojira >>> Kerberos authentication failed: Server not found in Kerberos database >>> (-1765328377) >>> >>> Q: The error now says "Server not found" - should the principal in psql be >>> host/... ?? >>> >>> - Steve >> > > -- > buildsys mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/buildsys > -- Steve Webb | System Administrator Beatport | Play With Music ------------------------------------------ 2399 Blake Street, Suite 170 Denver, Colorado USA 80205 tel: +1.720.932.9103 fax: +1.720.932.9104 noc: +1.303.565.2710 mobile: +1.303.564.4269 -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
