<div dir="ltr">Hi:<br><br>I'm using CentOS 5.2 for my Koji server, but now I have a problem with Koji CLI auth.<br><br>According to the wiki document at <a href="http://fedoraproject.org/wiki/Koji/ServerHowTo">http://fedoraproject.org/wiki/Koji/ServerHowTo</a>, I set up my Koji-hub, Koji-web and postgresql,<br>
and have a Koji web interface.<br><br>I also set up my CA center, and configured kojiweb.conf, kojihub.conf and /etc/koji.conf.<br><br>But when I execute the koji command with no username and password, the message is:<br>
<br>Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]<br><br>Why?<br><br>Thanks.<br><br><br>/etc/koji.conf:<br>
<br>[koji]<br><br>;configuration for koji cli tool<br><br>;url of XMLRPC server<br>;server = <a href="http://koji.fedoraproject.org/kojihub">http://koji.fedoraproject.org/kojihub</a><br>server = <a href="http://koji.ossii.com.tw/kojihub">http://koji.ossii.com.tw/kojihub</a><br>
<br>;url of web interface<br>;weburl = <a href="http://koji.fedoraproject.org/koji">http://koji.fedoraproject.org/koji</a><br>weburl = <a href="http://koji.ossii.com.tw/koji">http://koji.ossii.com.tw/koji</a><br><br>;url of package download site<br>
;pkgurl = <a href="http://koji.fedoraproject.org/packages">http://koji.fedoraproject.org/packages</a><br>pkgurl = <a href="http://koji.ossii.com.tw/packages">http://koji.ossii.com.tw/packages</a><br><br>;path to the koji top directory<br>
topdir = /mnt/koji<br><br>;configuration for SSL authentication<br><br>;client certificate<br>;cert = ~/.fedora.cert<br>cert = /etc/kojid/kojiadmin.crt<br><br>;certificate of the CA that issued the client certificate<br>;ca = ~/.fedora-upload-ca.cert<br>
ca = /etc/kojid/kojiadmin.key<br><br>;certificate of the CA that issued the HTTP server certificate<br>;serverca = ~/.fedora-server-ca.cert<br>serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt<br><br><br>kojihub.conf:<br><br>
<Directory /usr/share/koji-hub><br> SetHandler mod_python<br> PythonHandler kojixmlrpc<br> PythonOption DBName koji<br> PythonOption DBUser kevin<br> PythonOption DBHost <a href="http://127.0.0.1">127.0.0.1</a><br>
PythonOption KojiDir /mnt/koji<br><br> # Kerberos auth configuration<br> # PythonOption AuthPrincipal <a href="mailto:kojihub@EXAMPLE.COM">kojihub@EXAMPLE.COM</a><br> # PythonOption AuthKeytab /etc/koji.keytab<br>
# PythonOption ProxyPrincipals <a href="mailto:kojihub@EXAMPLE.COM">kojihub@EXAMPLE.COM</a><br> # format string for host principals (%s = hostname)<br> # PythonOption HostPrincipalFormat compile/%<a href="mailto:s@EXAMPLE.COM">s@EXAMPLE.COM</a><br>
# end Kerberos auth configuration<br><br> # SSL client certificate auth configuration<br> # the client username is the common name of the subject of their client certificate<br> PythonOption DNUsernameComponent CN<br>
# separate multiple DNs with |<br> # PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/emailAddress=<a href="mailto:example@example.com">example@example.com</a>"<br>
PythonOption ProxyDNs "/C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub Server/CN=OSSII Koji Server CA/emailAddress=<a href="mailto:kevin.lin@ossii.com.tw">kevin.lin@ossii.com.tw</a>"<br> # end SSL client certificate auth configuration<br>
<br> PythonOption LoginCreatesUser On<br> PythonOption KojiWebURL <a href="http://koji.ossii.com.tw/koji">http://koji.ossii.com.tw/koji</a><br><br> # The domain name that will be appended to Koji usernames<br>
# when creating email notifications<br> PythonOption EmailDomain <a href="http://example.com">example.com</a><br> # PythonOption KojiDebug On<br> # PythonOption KojiTraceback "extended"<br>
# sending tracebacks to the client isn't very helpful for debugging xmlrpc<br> PythonDebug Off<br> # autoreload is mostly useless to us (it would only reload kojixmlrpc.py)<br> PythonAutoReload Off<br>
</Directory><br><br># uncomment this to enable authentication via SSL client certificates<br><Location /kojihub><br> SSLOptions +StdEnvVars<br></Location><br># these options must be enabled globally (in ssl.conf)<br>
SSLVerifyClient require<br>SSLVerifyDepth 10<br><br>kojiweb.conf:<br><br>Alias /koji "/usr/share/koji-web/scripts/"<br><br><Directory "/usr/share/koji-web/scripts/"><br> # Config for the publisher handler<br>
SetHandler mod_python<br> PythonHandler mod_python.publisher<br><br> # General settings<br> PythonDebug On<br> PythonOption KojiHubURL <a href="http://koji.ossii.com.tw/kojihub">http://koji.ossii.com.tw/kojihub</a><br>
PythonOption KojiWebURL <a href="http://koji.ossii.com.tw/koji">http://koji.ossii.com.tw/koji</a><br> PythonOption KojiPackagesURL <a href="http://koji.ossii.com.tw/koji/packages">http://koji.ossii.com.tw/koji/packages</a><br>
PythonOption WebPrincipal koji/<a href="mailto:kevin.lin@ossii.com.tw">kevin.lin@ossii.com.tw</a><br> PythonOption WebKeytab /etc/httpd.keytab<br> PythonOption WebCCache /var/tmp/kojiweb.ccache<br> PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt<br>
PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key<br> PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt<br> PythonOption LoginTimeout 72<br> # This must be changed before deployment<br> PythonOption Secret CHANGE_ME<br>
PythonPath "sys.path + ['/usr/share/koji-web/lib']"<br> PythonCleanupHandler kojiweb.handlers::cleanup<br> PythonAutoReload Off<br></Directory><br><Location /koji/login><br> SSLOptions +StdEnvVars<br>
</Location><br># these options must be enabled globally (in ssl.conf)<br>SSLVerifyClient require<br>SSLVerifyDepth 10<br><br>Alias /koji-static/ "/usr/share/koji-web/static/"<br><br><Directory "/usr/share/koji-web/static/"><br>
Options None<br> AllowOverride None<br> Order allow,deny<br> Allow from all<br></Directory><br><br>ssl.conf<br><br>SSLCertificateFile /etc/httpd/conf.d/ssl/kojihub.crt<br>SSLCertificateKeyFile /etc/httpd/conf.d/ssl/kojihub.key<br>
SSLCACertificateFile /etc/httpd/conf.d/ssl/ossiikojica.crt<br>SSLVerifyClient require<br>SSLVerifyDepth 10<br><br><br><br clear="all"><br>-- <br>=============================================================================<br>
林毓能 <br>Linul<br>RedHat Certified Engineer<br><br>TsLG Network Studio: <a href="http://www.tslg.idv.tw">http://www.tslg.idv.tw</a><br>TsLG City Afternoon: <a href="http://blog.tslg.idv.tw">http://blog.tslg.idv.tw</a><br>Linul Photo Documentary: <a href="http://photo.tslg.idv.tw">http://photo.tslg.idv.tw</a><br>
Mobile: 0939797462<br>E-mail : <a href="mailto:kevin.linul@gmail.com">kevin.linul@gmail.com</a>; <a href="mailto:linul@tslg.idv.tw">linul@tslg.idv.tw</a><br>=============================================================================
</div>
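A diagnostic for the error quoted in the message above, added here as an example and not part of the original post or of Koji: it lists which PEM block types each file named in the `[koji]` section holds. It assumes the client loads its private key from the file named by `cert` (consistent with the `SSL_CTX_use_PrivateKey_file` / `no start line` error) and that the posted `.crt` and `.key` files hold what their extensions suggest; the `EXPECTED` table, the function names and the sample contents are constructed for illustration.

```python
import re

# A PEM block is "-----BEGIN <label>-----" ... "-----END <label>-----".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

# Assumption: the block types each koji.conf option is expected to hold.
EXPECTED = {
    "cert": {"need": {"CERTIFICATE", "PRIVATE KEY"}, "forbid": set()},
    "ca": {"need": {"CERTIFICATE"}, "forbid": {"PRIVATE KEY"}},
    "serverca": {"need": {"CERTIFICATE"}, "forbid": {"PRIVATE KEY"}},
}

def pem_kinds(text):
    """Return the kinds of complete PEM blocks found in text."""
    kinds = set()
    for label in PEM_BLOCK.findall(text):
        # "RSA PRIVATE KEY", "EC PRIVATE KEY", ... all count as a private key.
        kinds.add("PRIVATE KEY" if label.endswith("PRIVATE KEY") else label)
    return kinds

def audit(contents):
    """contents maps option name -> file text; return findings in option order."""
    findings = []
    for option, rule in EXPECTED.items():
        kinds = pem_kinds(contents.get(option, ""))
        for missing in sorted(rule["need"] - kinds):
            findings.append(f"{option}: no {missing} block")
        for extra in sorted(rule["forbid"] & kinds):
            findings.append(f"{option}: contains a {extra} block")
    return findings

def block(label):
    """Constructed placeholder block; the body is not real key material."""
    return f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n"

# Constructed stand-ins for the files as configured in the post:
# cert -> kojiadmin.crt, ca -> kojiadmin.key, serverca -> ossiikojica.crt.
AS_POSTED = {"cert": block("CERTIFICATE"), "ca": block("RSA PRIVATE KEY"),
             "serverca": block("CERTIFICATE")}
# The layout the check accepts: certificate and key together in `cert`.
COMBINED = {"cert": block("CERTIFICATE") + block("RSA PRIVATE KEY"),
            "ca": block("CERTIFICATE"), "serverca": block("CERTIFICATE")}

if __name__ == "__main__":
    for finding in audit(AS_POSTED):
        print(finding)
```

To check a live setup, replace the constructed strings with the text read from the paths set in `/etc/koji.conf`.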