Koji CLI Auth problem

Tue, 15 Jul 2008 20:07:06 -0700 

HI:

I'm using CentOS 5.2 for my Koji Server, but now I have a problem about Koji
CLI auth.

According the wiki document in
http://fedoraproject.org/wiki/Koji/ServerHowTo , I setup my
Koji-hub、Koji-web、postgresql

, and have a koji web interface.

I also setup my CA Center,and configure the
kojiweb.conf、kojihub.conf、/etc/koji.conf.

But when i execute the koji command with no username and password, the
messages  is:

Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines',
'SSL_CTX_use_PrivateKey_file', 'PEM lib')]

why?

thanks.....


/etc/koji.conf:

[koji]

;configuration for koji cli tool

;url of XMLRPC server
;server = http://koji.fedoraproject.org/kojihub
server = http://koji.ossii.com.tw/kojihub

;url of web interface
;weburl = http://koji.fedoraproject.org/koji
weburl = http://koji.ossii.com.tw/koji

;url of package download site
;pkgurl = http://koji.fedoraproject.org/packages
pkgurl = http://koji.ossii.com.tw/packages

;path to the koji top directory
topdir = /mnt/koji

;configuration for SSL athentication

;client certificate
;cert = ~/.fedora.cert
cert = /etc/kojid/kojiadmin.crt

;certificate of the CA that issued the client certificate
;ca = ~/.fedora-upload-ca.cert
ca = /etc/kojid/kojiadmin.key

;certificate of the CA that issued the HTTP server certificate
;serverca = ~/.fedora-server-ca.cert
serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt


kojihub.conf:

<Directory /usr/share/koji-hub>
        SetHandler mod_python
        PythonHandler kojixmlrpc
        PythonOption DBName koji
        PythonOption DBUser kevin
        PythonOption DBHost 127.0.0.1
        PythonOption KojiDir /mnt/koji

        # Kerberos auth configuration
        # PythonOption AuthPrincipal [EMAIL PROTECTED]
        # PythonOption AuthKeytab /etc/koji.keytab
        # PythonOption ProxyPrincipals [EMAIL PROTECTED]
        # format string for host principals (%s = hostname)
        # PythonOption HostPrincipalFormat compile/[EMAIL PROTECTED]
        # end Kerberos auth configuration

        # SSL client certificate auth configuration
        # the client username is the common name of the subject of their
client certificate
        PythonOption DNUsernameComponent CN
        # separate multiple DNs with |
        # PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example
Org/OU=Example User/CN=example/[EMAIL PROTECTED]"
        PythonOption ProxyDNs "/C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub
Server/CN=OSSII Koji Server CA/[EMAIL PROTECTED]"
        # end SSL client certificate auth configuration

        PythonOption LoginCreatesUser On
        PythonOption KojiWebURL http://koji.ossii.com.tw/koji

        # The domain name that will be appended to Koji usernames
        # when creating email notifications
        PythonOption EmailDomain example.com
        # PythonOption KojiDebug On
        # PythonOption KojiTraceback "extended"
        # sending tracebacks to the client isn't very helpful for debugging
xmlrpc
        PythonDebug Off
        # autoreload is mostly useless to us (it would only reload
kojixmlrpc.py)
        PythonAutoReload Off
</Directory>

# uncomment this to enable authentication via SSL client certificates
<Location /kojihub>
        SSLOptions +StdEnvVars
</Location>
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth  10

kojiweb.conf:

Alias /koji "/usr/share/koji-web/scripts/"

<Directory "/usr/share/koji-web/scripts/">
    # Config for the publisher handler
    SetHandler mod_python
    PythonHandler mod_python.publisher

    # General settings
    PythonDebug On
    PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub
    PythonOption KojiWebURL http://koji.ossii.com.tw/koji
    PythonOption KojiPackagesURL http://koji.ossii.com.tw/koji/packages
    PythonOption WebPrincipal koji/[EMAIL PROTECTED]
    PythonOption WebKeytab /etc/httpd.keytab
    PythonOption WebCCache /var/tmp/kojiweb.ccache
    PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt
    PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key
    PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt
    PythonOption LoginTimeout 72
    # This must be changed before deployment
    PythonOption Secret CHANGE_ME
    PythonPath "sys.path + ['/usr/share/koji-web/lib']"
    PythonCleanupHandler kojiweb.handlers::cleanup
    PythonAutoReload Off
</Directory>
<Location /koji/login>
    SSLOptions +StdEnvVars
</Location>
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth  10

Alias /koji-static/ "/usr/share/koji-web/static/"

<Directory "/usr/share/koji-web/static/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

ssl.conf

SSLCertificateFile /etc/httpd/conf.d/ssl/kojihub.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/kojihub.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/ossiikojica.crt
SSLVerifyClient require
SSLVerifyDepth  10




-- 
=============================================================================
林毓能
Linul
RedHat Certified Engineer

TsLG網路工作室:http://www.tslg.idv.tw
TsLG城市午後:http://blog.tslg.idv.tw
Linul攝影紀實:http://photo.tslg.idv.tw
手機:0939797462
E-mail : [EMAIL PROTECTED]; [EMAIL PROTECTED]
=============================================================================

--
Fedora-buildsys-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list

Reply via email to