<div dir="ltr">HI: I'm using CentOS 5.2 for my Koji Server, but now I have a problem about Koji CLI auth. According the wiki document in <a href="http://fedoraproject.org/wiki/Koji/ServerHowTo">http://fedoraproject.org/wiki/Koji/ServerHowTo</a> , I setup my Koji-hub、Koji-web、postgresql , and have a koji web interface. I also setup my CA Center，and configure the kojiweb.conf、kojihub.conf、/etc/koji.conf. But when i execute the koji command with no username and password, the messages is： Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')] why? thanks..... /etc/koji.conf： [koji] ;configuration for koji cli tool ;url of XMLRPC server ;server = <a href="http://koji.fedoraproject.org/kojihub">http://koji.fedoraproject.org/kojihub</a> server = <a href="http://koji.ossii.com.tw/kojihub">http://koji.ossii.com.tw/kojihub</a> ;url of web interface ;weburl = <a href="http://koji.fedoraproject.org/koji">http://koji.fedoraproject.org/koji</a> weburl = <a href="http://koji.ossii.com.tw/koji">http://koji.ossii.com.tw/koji</a> ;url of package download site ;pkgurl = <a href="http://koji.fedoraproject.org/packages">http://koji.fedoraproject.org/packages</a> pkgurl = <a href="http://koji.ossii.com.tw/packages">http://koji.ossii.com.tw/packages</a> ;path to the koji top directory topdir = /mnt/koji ;configuration for SSL athentication ;client certificate ;cert = ~/.fedora.cert cert = /etc/kojid/kojiadmin.crt ;certificate of the CA that issued the client certificate ;ca = ~/.fedora-upload-ca.cert ca = /etc/kojid/kojiadmin.key ;certificate of the CA that issued the HTTP server certificate ;serverca = ~/.fedora-server-ca.cert serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt kojihub.conf： <Directory /usr/share/koji-hub> SetHandler mod_python PythonHandler kojixmlrpc PythonOption DBName koji PythonOption DBUser kevin PythonOption DBHost <a href="http://127.0.0.1">127.0.0.1</a> PythonOption KojiDir /mnt/koji # Kerberos auth configuration # PythonOption AuthPrincipal <a href="mailto:kojihub@EXAMPLE.COM">kojihub@EXAMPLE.COM</a> # PythonOption AuthKeytab /etc/koji.keytab # PythonOption ProxyPrincipals <a href="mailto:kojihub@EXAMPLE.COM">kojihub@EXAMPLE.COM</a> # format string for host principals (%s = hostname) # PythonOption HostPrincipalFormat compile/%<a href="mailto:s@EXAMPLE.COM">s@EXAMPLE.COM</a> # end Kerberos auth configuration # SSL client certificate auth configuration # the client username is the common name of the subject of their client certificate PythonOption DNUsernameComponent CN # separate multiple DNs with | # PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/emailAddress=<a href="mailto:example@example.com">example@example.com</a>" PythonOption ProxyDNs "/C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub Server/CN=OSSII Koji Server CA/emailAddress=<a href="mailto:kevin.lin@ossii.com.tw">kevin.lin@ossii.com.tw</a>" # end SSL client certificate auth configuration PythonOption LoginCreatesUser On PythonOption KojiWebURL <a href="http://koji.ossii.com.tw/koji">http://koji.ossii.com.tw/koji</a> # The domain name that will be appended to Koji usernames # when creating email notifications PythonOption EmailDomain <a href="http://example.com">example.com</a> # PythonOption KojiDebug On # PythonOption KojiTraceback "extended" # sending tracebacks to the client isn't very helpful for debugging xmlrpc PythonDebug Off # autoreload is mostly useless to us (it would only reload kojixmlrpc.py) PythonAutoReload Off </Directory> # uncomment this to enable authentication via SSL client certificates <Location /kojihub> SSLOptions +StdEnvVars </Location> # these options must be enabled globally (in ssl.conf) SSLVerifyClient require SSLVerifyDepth 10 kojiweb.conf： Alias /koji "/usr/share/koji-web/scripts/" <Directory "/usr/share/koji-web/scripts/"> # Config for the publisher handler SetHandler mod_python PythonHandler mod_python.publisher # General settings PythonDebug On PythonOption KojiHubURL <a href="http://koji.ossii.com.tw/kojihub">http://koji.ossii.com.tw/kojihub</a> PythonOption KojiWebURL <a href="http://koji.ossii.com.tw/koji">http://koji.ossii.com.tw/koji</a> PythonOption KojiPackagesURL <a href="http://koji.ossii.com.tw/koji/packages">http://koji.ossii.com.tw/koji/packages</a> PythonOption WebPrincipal koji/<a href="mailto:kevin.lin@ossii.com.tw">kevin.lin@ossii.com.tw</a> PythonOption WebKeytab /etc/httpd.keytab PythonOption WebCCache /var/tmp/kojiweb.ccache PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt PythonOption LoginTimeout 72 # This must be changed before deployment PythonOption Secret CHANGE_ME PythonPath "sys.path + ['/usr/share/koji-web/lib']" PythonCleanupHandler kojiweb.handlers::cleanup PythonAutoReload Off </Directory> <Location /koji/login> SSLOptions +StdEnvVars </Location> # these options must be enabled globally (in ssl.conf) SSLVerifyClient require SSLVerifyDepth 10 Alias /koji-static/ "/usr/share/koji-web/static/" <Directory "/usr/share/koji-web/static/"> Options None AllowOverride None Order allow,deny Allow from all </Directory> ssl.conf SSLCertificateFile /etc/httpd/conf.d/ssl/kojihub.crt SSLCertificateKeyFile /etc/httpd/conf.d/ssl/kojihub.key SSLCACertificateFile /etc/httpd/conf.d/ssl/ossiikojica.crt SSLVerifyClient require SSLVerifyDepth 10 -- ============================================================================= 林毓能 Linul RedHat Certified Engineer TsLG網路工作室：<a href="http://www.tslg.idv.tw">http://www.tslg.idv.tw</a> TsLG城市午後：<a href="http://blog.tslg.idv.tw">http://blog.tslg.idv.tw</a> Linul攝影紀實：<a href="http://photo.tslg.idv.tw">http://photo.tslg.idv.tw</a> 手機：0939797462 E-mail : <a href="mailto:kevin.linul@gmail.com">kevin.linul@gmail.com</a>; <a href="mailto:linul@tslg.idv.tw">linul@tslg.idv.tw</a> ============================================================================= </div>