- enable use of a Kerberos service name other than host/ on the hub

- get the Kerberos realm from the client principal, rather than assuming the last two components of the domain name
2011-01-06 15:54:53 -05:00 · 2011-01-06 15:54:53 -05:00 · eea730300a
commit eea730300a
parent 93f20257f3
13 changed files with 64 additions and 22 deletions
--- a/vm/kojivmd
+++ b/vm/kojivmd
@ -121,6 +121,7 @@ def get_options():
                'host_principal_format': 'compile/%s@EXAMPLE.COM',
                'keytab': '/etc/kojivmd/kojivmd.keytab',
                'ccache': '/var/tmp/kojivmd.ccache',
+                'krbservice': 'host',
                'server': None,
                'user': None,
                'password': None,
@ -1001,7 +1002,7 @@ if __name__ == "__main__":

    #build session options
    session_opts = {}
-    for k in ('user','password','debug_xmlrpc', 'debug',
+    for k in ('user', 'password', 'krbservice', 'debug_xmlrpc', 'debug',
              'retry_interval', 'max_retries', 'offline_retry', 'offline_retry_interval'):
        v = getattr(options, k, None)
        if v is not None:
--- a/vm/kojivmd.conf
+++ b/vm/kojivmd.conf
@ -33,6 +33,18 @@ smtphost=example.com
 ; The From address used when sending email notifications
 from_addr=Koji Build System <buildsys@example.com>

+;configuration for Kerberos authentication
+
+;the format of the principal used by the build hosts
+;%s will be replaced by the FQDN of the host
+;host_principal_format = compile/%s@EXAMPLE.COM
+
+;location of the keytab
+;keytab = /etc/kojivmd/kojivmd.keytab
+
+;the service name of the principal being used by the hub
+;krbservice = host
+
 ;configuration for SSL authentication

 ;client certificate