Re: upcoming build and release developer flag day December 12 2016

Mon, 21 Nov 2016 01:33:52 -0800 


Dne 20.11.2016 v 02:11 Dennis Gilmore napsal(a):
> koji authentication will be switching to Kerberos. Koji supports multiple 
> authentication mechanisms. Fedora infrastructure has set up a freeipa 
> instance 
> internally that has credential syncing to fas. We are working on ensuring 
> that 
> gssapi caching is supported so that you can have multiple TGT's and the 
> ability to work in multiple reams at once.

So what is the status here? Can you elaborate? It does not look like I
can use this now. E.g. this works:

```
$ kinit vondr...@fedoraproject.org
Password for vondr...@fedoraproject.org:

$ fedpkg scratch-build
Your git configuration does not use a namespace.
Consider updating your git configuration by running:
  git remote set-url origin ssh://vondr...@pkgs.fedoraproject.org/rpms/ruby
Building ruby-2.2.6-50.fc23 for f23-candidate
Created task: 16551355
```

But using another TGT does not:

```
$ kinit vondr...@redhat.com
Password for vondr...@redhat.com:

$ klist -A
Ticket cache: KEYRING:persistent:16025:krb_ccache_GGcdkLO
Default principal: vondr...@redhat.com

Valid starting       Expires              Service principal
21.11.2016 10:29:22  21.11.2016 20:29:22  krbtgt/redhat....@redhat.com

Ticket cache: KEYRING:persistent:16025:krb_ccache_Bq2ZU0r
Default principal: vondr...@fedoraproject.org

Valid starting       Expires              Service principal
21.11.2016 10:29:04  22.11.2016 10:28:55 
host/koji.fedoraproject....@fedoraproject.org
    renew until 28.11.2016 10:28:55
21.11.2016 10:28:59  22.11.2016 10:28:55 
krbtgt/fedoraproject....@fedoraproject.org
    renew until 28.11.2016 10:28:55


$ fedpkg scratch-build
Your git configuration does not use a namespace.
Consider updating your git configuration by running:
  git remote set-url origin ssh://vondr...@pkgs.fedoraproject.org/rpms/ruby
Could not execute scratch_build: (-1765328377, 'Server not found in
Kerberos database')
```

BTW it would be nice, if it works with SSSD somehow and I don't need to
use kinit at all.


Vít

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Reply via email to