Steve, do you want us to take a look at your configs?
And can you provide a step-by-step example of what you have done?
Sure.
I went through the
http://fedoraproject.org/wiki/Koji/ServerHowTo document
and follow the kerberos installation instructions.
* I set up a DNS record as instructed (_kerberos._udp IN SRV 10 100 88 ...)
* U added the principals into IPA but used:
host/kojihub(a)bpbuild001.co0.beatportcorp.net
not
host/kojihub(a)AUTH.BEATPORCORP.NET
(could this be an issue?)
All krb principals added to IPA for koji:
# ipa-addservice
host/bpbuild001.co0.nar.beatportcorp.net
# ipa-addservice HTTP/bpbuild001.co0.nar.beatportcorp.net
# ipa-addservice
koji/bpbuild001.co0.nar.beatportcorp.net
# ipa-addservice
compile/bpbuild001.co0.nar.beatportcorp.net
* I set up psql - seems to be working properly.
* I can get a normal krb ticket as myself on the koji server just fine
* I inserted the users into psql as instructed on the howto
* Some config files:
/etc/koji-hub/hub.conf:
[hub]
DBName = koji
DBUser = koji
DBHost = bpbuild001.co0
KojiDir = /data/koji
LoginCreatesUser = On
KojiWebURL =
http://bpbuild001.co0.nar.beatportcorp.net/koji
NotifyOnSuccess = True
AuthPrincipal
host/bpbuild001.co0.nar.beatportcorp.net
AuthKeytab /etc/koji.keytab
ProxyPrincipals
koji/bpbuild001.co0.nar.beatportcorp.net
HostPrincipalFormat
compile/bpbuild001.co0.nar.beatportcorp.net
Anything else you need from me to help debug?
- Steve Webb
--
Steve Webb | System Administrator
Beatport | Music for DJ's
------------------------------------------
2399 Blake Street, Suite 170
Denver, Colorado USA 80205
tel: +1.720.932.9103
fax: +1.720.932.9104
noc: +1.303.565.2710
mobile: +1.303.564.4269