Learn more about these different git repos.
Other Git URLs
Our sample Apache configuration files recommend setting "GssapiSSLonly" to "Off" on the Koji Hub, and there is nothing in the koji-hub or koji-web settings that enforces the use of HTTPS for Kerberos authentication.
GssapiSSLonly
Off
Steps to resolve this: 1) Remove the "GssapiSSLonly Off" setting from the koji-hub Apache configuration. 2) Add SSLRequireSSL to the koji-hub and koji-web Apache settings.
GssapiSSLonly Off
SSLRequireSSL
https://pagure.io/koji/pull-request/2162 removes "GssapiSSLonly Off".
What is the difference between GssapiSSLonly On and SSLRequireSSL?
AFAICT SSLRequireSSL will deny the connection sooner.
In fact we should probably set SSLRequireSSL on the entire hub URL and web app, not just the single /ssllogin location.
/ssllogin
Login to comment on this ticket.