From b13487d34feeae06e1628d31dc6b7a9092d0863c Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Tue, 21 Apr 2020 10:54:54 -0600 Subject: [PATCH 1/2] kojira: remove duplicate Kerberos configuration boilerplate eea730300a5e6b40bf8c041a71b3f3c567de4abe added a dedicated section for Kerberos authentication to kojira.conf. It refers to the canonical location /etc/kojira/kojira.keytab. Prior to this change, there were two "kerberos" sections in kojira.conf. Remove the older stale one, since that refers to the old "/etc/kojira.keytab" file path, and f232e491941e888e4713a815148a00736445e7d4 defaults to /etc/kojira/kojira.keytab instead. --- util/kojira.conf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/util/kojira.conf b/util/kojira.conf index 4d70695c..e5cb8e7f 100644 --- a/util/kojira.conf +++ b/util/kojira.conf @@ -3,12 +3,6 @@ ; user=kojira ; password=kojira -; For Kerberos authentication -; the principal to connect with -principal=koji/repo@EXAMPLE.COM -; The location of the keytab for the principal above -keytab=/etc/kojira.keytab - ; The URL for the koji hub server server=http://hub.example.com/kojihub From c932f4cdbc056c88f2e12eb366ef218fa5d69d96 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Tue, 21 Apr 2020 10:58:41 -0600 Subject: [PATCH 2/2] doc: use newer configuration boilerplate for kojira The Server Howto documentation describes how to configure Kerberos authentication in kojira.conf. Prior to this change, the Server Howto documentation's boilerplate configuration copied the older stale format. eea730300a5e6b40bf8c041a71b3f3c567de4abe added a dedicated section for Kerberos authentication to kojira.conf. Copy this newer format into the Server Howto documentation. This also updates our Server Howto document to use the default /etc/kojira/kojira.keytab file path, which we added in f232e491941e888e4713a815148a00736445e7d4. --- docs/source/server_howto.rst | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/source/server_howto.rst b/docs/source/server_howto.rst index 4b026958..a371fd60 100644 --- a/docs/source/server_howto.rst +++ b/docs/source/server_howto.rst @@ -1313,11 +1313,19 @@ Authentication Configuration :: - ; For Kerberos authentication - ; the principal to connect with - principal=koji/kojira@EXAMPLE.COM - ; The location of the keytab for the principal above - keytab=/etc/kojira.keytab + ;configuration for Kerberos authentication + + ;the kerberos principal to use + ;principal = kojira@EXAMPLE.COM + + ;location of the keytab + ;keytab = /etc/kojira/kojira.keytab + + ;the service name of the principal being used by the hub + ;krbservice = host + + ;The realm of server principal. Using client's realm if not set + ;krb_server_realm = EXAMPLE.COM ``/etc/sysconfig/kojira`` The local user kojira runs as needs to be able to read and write to