Hi there,

I've recently been setting up a koji environment.  I've been relying heavily
on the docs http://fedoraproject.org/wiki/Koji/ServerHowTo.  The docs have
been a great help.

However, I ran into a small issue when modifying the ProxyDNs option in
/etc/koji-hub/hub.conf:

DNUsernameComponent = CN
ProxyDNs = "/C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/[email protected]"

I had problems with the server responding with: "(user) is not authorized to
login other users".  I did change the value to my cert's settings.

Turns out that if I removed the quotes then everything is happy.

I'm not sure if it is intended to allow a quoted string for this option or
not, considering the current behaviour is to split multiple ProxyDNs via |

Attached is a patch that will help avoid users seeing the above message when
authenticating with SSL.  Of course, removing the quotes from your config
will correct the issue; the patch merely tries to avoid the problem by
removing quotes from the string when the client_dn is sought in the *if
<string> in <list>* statement.
diff --git a/koji/auth.py b/koji/auth.py
index e69f1fa..1a00346 100644
--- a/koji/auth.py
+++ b/koji/auth.py
@@ -374,7 +374,7 @@ class Session(object):
 
         if proxyuser:
             client_dn = env.get('SSL_CLIENT_S_DN')
-            proxy_dns = [dn.strip() for dn in context.opts.get('ProxyDNs', '').split('|')]
+            proxy_dns = [dn.strip() for dn in (context.opts.get('ProxyDNs', '').strip('\'"')).split('|')]
             if client_dn in proxy_dns:
                 # the SSL-authenticated user authorized to login other users
                 username = proxyuser
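Review bot: On the added `proxy_dns` line, `.strip('\'"')` is applied to the whole option value before `.split('|')`, so only a quote at the very start or very end of the string is removed. If several DNs are listed and each one is quoted, the quotes next to the `|` separators survive and `client_dn in proxy_dns` still fails for those entries; a value with a quote on only one side is also accepted silently. Stripping per entry, `dn.strip().strip('\'"')` inside the list comprehension, handles both the single and the multiple DN case and lets the extra parentheses go. Since this list decides which SSL-authenticated user may log in other users, a short comment on the line saying that quotes are tolerated but not part of the option's syntax would help the next reader.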
--
buildsys mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/buildsys
