[Pulp-list] Authenticated repositories

[Giacomo Sanchietti]

Hi,
all my name is Giacomo. First of all, thank you for the great job: pulp 
is really cool!

I've a a few question and little problem concerning authenticated 
repositories.

I tried to setup one authenticated repository using this post 
(http://blog.pulpproject.org/2011/05/18/pulp-protected-repositories/) 
and making some little modification to adapt the commands to the latest 
stable release (pulp-1.1.11) on a CentOS 6.3.
I can register and bind the repository from the consumer, but I can't 
authenticate to repository. The error returned by a "yum repolist" is 
self-explanatory:

[Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403"

And, on server side:

[Thu Sep 27 18:08:29 2012] [error] [client 192.168.5.34] Request denied 
to destination [/pulp/repos/myRepo/repodata/repomd.xml]
[Thu Sep 27 18:08:29 2012] [error] [client 192.168.5.34] mod_wsgi 
(pid=1775): Client denied by server configuration: 
'/var/www/pub/repos/myRepo/repodata/repomd.xml'

I used the apache ssl cert to sign client entitlement and when the 
client binds to the server it receives ca cert and entitlement cert.
I also set sslverify to 0, cause the cert is self-signed.

What can I check? Apparently all config files are correct, I also 
temporary disabled selinux and iptables.
If needed, I can post all config files.
I also checked the apache configuration and I don't think the problem is 
there: I can access non-authenticated repositories without problem.

We need to setup a big public repository and lot of small authenticated 
ones and we wish to use entitlement certs to identify the clients. Is 
there a way to prevent the server from sending certs to client? I'd 
prefer to do this thing manually so the entitlement will be a sort of 
"unique key" for the server.


Thank you in advance, ad sorry for the long mail!
-- 
Giacomo Sanchietti

Nethesis srl
Via degli Olmi 12 - 61122 Pesaro (PU)
tel. +39 0721 405516 - fax +39 0721 268147
www.nethesis.it - supporto at nethesis.it