[Pulp-list] Authenticated repositories
Giacomo Sanchietti
giacomo.sanchietti at nethesis.it
Fri Sep 28 13:54:43 UTC 2012
Hi,
all my name is Giacomo. First of all, thank you for the great job: pulp
is really cool!
I've a a few question and little problem concerning authenticated
repositories.
I tried to setup one authenticated repository using this post
(http://blog.pulpproject.org/2011/05/18/pulp-protected-repositories/)
and making some little modification to adapt the commands to the latest
stable release (pulp-1.1.11) on a CentOS 6.3.
I can register and bind the repository from the consumer, but I can't
authenticate to repository. The error returned by a "yum repolist" is
self-explanatory:
[Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403"
And, on server side:
[Thu Sep 27 18:08:29 2012] [error] [client 192.168.5.34] Request denied
to destination [/pulp/repos/myRepo/repodata/repomd.xml]
[Thu Sep 27 18:08:29 2012] [error] [client 192.168.5.34] mod_wsgi
(pid=1775): Client denied by server configuration:
'/var/www/pub/repos/myRepo/repodata/repomd.xml'
I used the apache ssl cert to sign client entitlement and when the
client binds to the server it receives ca cert and entitlement cert.
I also set sslverify to 0, cause the cert is self-signed.
What can I check? Apparently all config files are correct, I also
temporary disabled selinux and iptables.
If needed, I can post all config files.
I also checked the apache configuration and I don't think the problem is
there: I can access non-authenticated repositories without problem.
We need to setup a big public repository and lot of small authenticated
ones and we wish to use entitlement certs to identify the clients. Is
there a way to prevent the server from sending certs to client? I'd
prefer to do this thing manually so the entitlement will be a sort of
"unique key" for the server.
Thank you in advance, ad sorry for the long mail!
--
Giacomo Sanchietti
Nethesis srl
Via degli Olmi 12 - 61122 Pesaro (PU)
tel. +39 0721 405516 - fax +39 0721 268147
www.nethesis.it - supporto at nethesis.it
More information about the Pulp-list
mailing list