remove deprecated krbV support

Fixes: https://pagure.io/koji/issue/1991

util/koji-gc.conf

@@ -16,12 +16,6 @@ unprotected_keys =
 server = https://koji.fedoraproject.org/kojihub
 weburl = https://koji.fedoraproject.org/koji
 
-# The service name of the principal being used by the hub
-#krbservice = host
-
-## The realm of server principal. Using client's realm if not set
-# krb_server_realm = EXAMPLE.COM
-
 # The domain name that will be appended to Koji usernames
 # when creating email notifications
 #email_domain = fedoraproject.org

util/koji-shadow

@@ -44,11 +44,6 @@ from six.moves import range
 import koji
 from koji.util import to_list
 
-try:
-    import krbV
-except ImportError:  # pragma: no cover
-    krbV = None
-
 # koji.fp.o keeps stalling, probably network errors...
 # better to time out than to stall
 socket.setdefaulttimeout(180)  # XXX - too short?
@@ -82,8 +77,6 @@ def get_options():
                       help=_("use alternate configuration file"))
     parser.add_option("--keytab", help=_("specify a Kerberos keytab to use"))
     parser.add_option("--principal", help=_("specify a Kerberos principal to use"))
-    parser.add_option("--krbservice", help=_("the service name of the"
-                                             " principal being used by the hub"))
     parser.add_option("--runas", metavar="USER",
                       help=_("run as the specified user (requires special privileges)"))
     parser.add_option("--user", help=_("specify user"))
@@ -305,17 +298,12 @@ def activate_session(session):
     elif options.user:
         # authenticate using user/password
         session.login()
-    elif krbV:
-        try:
-            if options.keytab and options.principal:
-                session.krb_login(principal=options.principal, keytab=options.keytab,
-                                  proxyuser=options.runas)
-            else:
-                session.krb_login(proxyuser=options.runas)
-        except krbV.Krb5Error as e:
-            error(_("Kerberos authentication failed: '%s' (%s)") % (e.args[1], e.args[0]))
-        except socket.error as e:
-            warn(_("Could not connect to Kerberos authentication service: '%s'") % e.args[1])
+    else:
+        if options.keytab and options.principal:
+            session.gssapi_login(principal=options.principal, keytab=options.keytab,
+                                 proxyuser=options.runas)
+        else:
+            session.gssapi_login(proxyuser=options.runas)
     if not options.noauth and not session.logged_in:
         error(_("Error: unable to log in"))
     ensure_connection(session)

util/koji-shadow.conf

@@ -3,8 +3,4 @@
 
 [main]
 server=http://localhost/kojihub/
-krbservice=host
 remote=https://koji.fedoraproject.org/kojihub
-
-## The realm of server principal. Using client's realm if not set
-# krb_server_realm = EXAMPLE.COM

util/koji-sidetag-cleanup

@@ -33,8 +33,6 @@ def get_options():
     parser.add_option("-s", "--server", help=_("url of koji XMLRPC server"))
     parser.add_option("--keytab", help=_("specify a Kerberos keytab to use"))
     parser.add_option("--principal", help=_("specify a Kerberos principal to use"))
-    parser.add_option("--krbservice", default="host",
-                      help=_("the service name of the principal being used by the hub"))
     parser.add_option("--krb-rdns", action="store_true", default=False,
                       help=_("get reverse dns FQDN for krb target"))
     parser.add_option("--krb-canon-host", action="store_true", default=False,
@@ -88,9 +86,6 @@ def get_options():
             # name, alias, type
             ['keytab', None, 'string'],
             ['principal', None, 'string'],
-            ['krbservice', None, 'string'],
-            ['krb_rdns', None, 'boolean'],
-            ['krb_canon_host', None, 'boolean'],
             ['runas', None, 'string'],
             ['user', None, 'string'],
             ['password', None, 'string'],

util/kojira

@@ -1082,10 +1082,6 @@ def get_options():
                 'principal': None,
                 'keytab': '/etc/kojira/kojira.keytab',
                 'ccache': '/var/tmp/kojira.ccache',
-                'krbservice': 'host',
-                'krb_rdns': True,
-                'krb_canon_host': False,
-                'krb_server_realm': None,
                 'retry_interval': 60,
                 'max_retries': 120,
                 'offline_retry': True,
@@ -1114,10 +1110,10 @@ def get_options():
                     'delete_batch_size', 'dist_repo_lifetime', 'sleeptime',
                     'recent_tasks_lifetime')
         str_opts = ('topdir', 'server', 'user', 'password', 'logfile', 'principal', 'keytab',
-                    'krbservice', 'cert', 'ca', 'serverca', 'debuginfo_tags', 'queue_file',
+                    'cert', 'ca', 'serverca', 'debuginfo_tags', 'queue_file',
                     'source_tags', 'separate_source_tags', 'ignore_tags')  # FIXME: remove ca here
         bool_opts = ('verbose', 'debug', 'ignore_stray_repos', 'offline_retry',
-                     'krb_rdns', 'krb_canon_host', 'no_ssl_verify', 'check_external_repos')
+                     'no_ssl_verify', 'check_external_repos')
         legacy_opts = ('with_src')
         for name in config.options(section):
             if name in int_opts:
@@ -1195,8 +1191,8 @@ if __name__ == "__main__":
     elif options.user:
         # authenticate using user/password
         session.login()
-    elif (koji.krbV or koji.requests_kerberos) and options.principal and options.keytab:
-        session.krb_login(options.principal, options.keytab, options.ccache)
+    elif koji.requests_kerberos and options.principal and options.keytab:
+        session.gssapi_login(options.principal, options.keytab, options.ccache)
     else:
         quit("No username/password/certificate supplied and Kerberos missing or not configured")
     # get an exclusive session

util/kojira.conf

@@ -20,12 +20,6 @@ logfile=/var/log/kojira.log
 ;location of the keytab
 ;keytab = /etc/kojira/kojira.keytab
 
-;the service name of the principal being used by the hub
-;krbservice = host
-
-;The realm of server principal. Using client's realm if not set
-;krb_server_realm = EXAMPLE.COM
-
 ;configuration for SSL authentication
 
 ;client certificate