Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Build System (http://www.linux-archive.org/fedora-build-system/)
-   -   Koji Web User Login Auth problem (http://www.linux-archive.org/fedora-build-system/126910-koji-web-user-login-auth-problem.html)

Linul 07-18-2008 02:47 AM

Koji Web User Login Auth problem
 
Sorry...My setting is error....

PythonOption WebCert /root/genca/certs/kojiweb.pem -> PythonOption WebCert /root/genca/kojiweb.pem

but...another messages is feeback..

Mod_python error: "PythonHandler mod_python.publisher"


Traceback (most recent call last):

File "/usr/lib/python2.4/site-packages/mod_python/apache.py", line 299, in HandlerDispatch
result = object(req)

File "/usr/lib/python2.4/site-packages/mod_python/publisher.py", line 213, in handler

published = publish_object(req, object)

File "/usr/lib/python2.4/site-packages/mod_python/publisher.py", line 412, in publish_object
return publish_object(req,util.apply_fs_data(object, req.form, req=req))


File "/usr/lib/python2.4/site-packages/mod_python/util.py", line 439, in apply_fs_data
return object(**args)

File "/usr/share/koji-web/scripts/index.py", line 144, in login
if not _sslLogin(req, session, username):


File "/usr/share/koji-web/scripts/index.py", line 56, in _sslLogin
proxyuser=username)

File "__init__.py", line 1233, in ssl_login

File "__init__.py", line 1278, in callMethod


File "__init__.py", line 1304, in _callMethod

AuthError: /C=TW/ST=Taiwan/O=OSSII/CN=web.ossii.com.tw/emailAddress=kevin.lin@ossii.com.tw is not authorized to login other users




2008/7/18 Linul <kevin.linul@gmail.com>:

Hi..

I have already setup my koji-cli、 kojid、koji-hub、koji-web、kojira, and test ok,but still have a problem,it is web UI login

I have already import the cert. when I login the Web UI, the messages is:


Mod_python error: "PythonHandler mod_python.publisher"

Traceback (most recent call last):

File "/usr/lib/python2.4/site-packages/mod_python/apache.py", line 299, in HandlerDispatch


result = object(req)

File "/usr/lib/python2.4/site-packages/mod_python/publisher.py", line 213, in handler
published = publish_object(req, object)

File "/usr/lib/python2.4/site-packages/mod_python/publisher.py", line 412, in publish_object


return publish_object(req,util.apply_fs_data(object, req.form, req=req))

File "/usr/lib/python2.4/site-packages/mod_python/util.py", line 439, in apply_fs_data
return object(**args)

File "/usr/share/koji-web/scripts/index.py", line 144, in login


if not _sslLogin(req, session, username):

File "/usr/share/koji-web/scripts/index.py", line 56, in _sslLogin
proxyuser=username)

File "__init__.py", line 1232, in ssl_login



File "XMLRPCServerProxy.py", line 74, in __init__

File "SSLCommon.py", line 38, in CreateSSLContext

StandardError: /root/genca/certs/kojiweb.pem does not exist or is not readable


My kojiweb.conf:

*** PythonDebug On
*** PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub
*** PythonOption KojiWebURL http://koji.ossii.com.tw/koji


*** PythonOption KojiPackagesURL http://koji.ossii.com.tw/koji/packages
*** #PythonOption WebPrincipal koji/kevin.lin@ossii.com.tw


*** #PythonOption WebKeytab /etc/httpd.keytab
*** #PythonOption WebCCache /var/tmp/kojiweb.ccache
*** PythonOption WebCert /root/genca/certs/kojiweb.pem
*** PythonOption ClientCA /root/genca/koji_ca_cert.crt

*** PythonOption KojiHubCA /root/genca/koji_ca_cert.crt


My web user is "admin", and have a record in postgresql, also can user koji instruction as normal.

and I create the web cert step is:

openssl pkcs12 -export -inkey certs/admin.key -in certs/admin.crt -CAfile koji_ca_cert.crt


-out certs/admin_browser_cert.p12

thanks..

--
================================================== ===========================
林毓能
Linul
RedHat Certified Engineer

TsLG網路工作室:http://www.tslg.idv.tw


TsLG城市午後:http://blog.tslg.idv.tw
Linul攝影紀實:http://photo.tslg.idv.tw
手機:0939797462
E-mail : kevin.linul@gmail.com; linul@tslg.idv.tw


================================================== ===========================



--
================================================== ===========================
林毓能
Linul
RedHat Certified Engineer

TsLG網路工作室:http://www.tslg.idv.tw

TsLG城市午後:http://blog.tslg.idv.tw
Linul攝影紀實:http://photo.tslg.idv.tw
手機:0939797462
E-mail : kevin.linul@gmail.com; linul@tslg.idv.tw

================================================== ===========================

--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list

Dennis Gilmore 07-18-2008 02:50 AM

Koji Web User Login Auth problem
 
On Thursday 17 July 2008, Linul wrote:
> Hi..
>
> I have already setup my koji-cli、 kojid、koji-hub、koji-web、kojira, and test
> ok,but still have a problem,it is web UI login
>
> I have already import the cert. when I login the Web UI, the messages is:
>

> StandardError: /root/genca/certs/kojiweb.pem does not exist or is not
> readable
apache runs as user apache it cant read files in roots ~ you need to make
sure the webserver can read the certs. I'm betting an authenticated cli
command will fail exactly the same way. most cli tasks are unauthenticated.


--
Dennis Gilmore


--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list

Dennis Gilmore 07-18-2008 03:17 AM

Koji Web User Login Auth problem
 
On Thursday 17 July 2008, Linul wrote:
> Sorry...My setting is error....

>
> AuthError:
> /C=TW/ST=Taiwan/O=OSSII/CN=web.ossii.com.tw/emailAddress=kevin.lin@ossii.co
>m.tw is not authorized to login other users
you need to set
PythonOption ProxyDNs
"/C=TW/ST=Taiwan/O=OSSII/CN=web.ossii.com.tw/emailAddress=kevin.lin@ossii.com.tw"
in /etc/httpd/conf.d/kojihub.conf

--
Dennis Gilmore

--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list


All times are GMT. The time now is 01:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.