Learn more about these different git repos.
Other Git URLs
I get the following failure while trying to push a koji build:
koji build --scratch epel8 /tmp/richacl-1.12-9.fc32.src.rpm 2020-10-09 13:40:43,365 [ERROR] koji: Fault: <Fault 1: "<class 'AttributeError'>: krbLogin">
I have a valid krb5 ticket for the realm:
date Fri Oct 9 13:41:19 CEST 2020 klist Ticket cache: FILE:/tmp/krb5cc_58602 Default principal: esindril@FEDORAPROJECT.ORG Valid starting Expires Service principal 10/09/2020 13:38:11 10/10/2020 13:38:11 krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG renew until 10/14/2020 13:37:38 10/09/2020 13:38:22 10/10/2020 13:38:11 host/koji.fedoraproject.org@FEDORAPROJECT.ORG renew until 10/14/2020 13:37:38
And executing the same command with more debug yields:
KRB5_TRACE=/dev/stdout koji build --scratch epel8 /tmp/richacl-1.12-9.fc32.src.rpm [5067] 1602243520.377235: ccselect module realm chose cache FILE:/tmp/krb5cc_58602 with client principal esindril@FEDORAPROJECT.ORG for server principal HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG [5067] 1602243520.377236: Getting credentials esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG using ccache FILE:/tmp/krb5cc_58602 [5067] 1602243520.377237: Retrieving esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_58602) [5067] 1602243520.377238: Retrieving esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: 0/Success [5067] 1602243520.377239: Starting with TGT for client realm: esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG [5067] 1602243520.377240: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals on [5067] 1602243520.377241: Generated subkey for TGS request: rc4-hmac/C58B [5067] 1602243520.377242: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [5067] 1602243520.377244: Encoding request body and padata into FAST request [5067] 1602243520.377245: Sending request (1007 bytes) to FEDORAPROJECT.ORG [5067] 1602243520.377246: Resolving hostname id.fedoraproject.org [5067] 1602243520.377247: TLS certificate name matched "id.fedoraproject.org" [5067] 1602243520.377248: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [5067] 1602243520.377249: Received answer (479 bytes) from https 2001:4178:2:1269::fed2:443 [5067] 1602243520.377250: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [5067] 1602243520.377251: Response was from master KDC [5067] 1602243520.377252: Decoding FAST response [5067] 1602243520.377253: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database [5067] 1602243520.377254: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals off [5067] 1602243520.377255: Generated subkey for TGS request: rc4-hmac/B487 [5067] 1602243520.377256: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [5067] 1602243520.377258: Encoding request body and padata into FAST request [5067] 1602243520.377259: Sending request (1007 bytes) to FEDORAPROJECT.ORG [5067] 1602243520.377260: Resolving hostname id.fedoraproject.org [5067] 1602243520.377261: TLS certificate name matched "id.fedoraproject.org" [5067] 1602243520.377262: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [5067] 1602243521.205462: Received answer (479 bytes) from https 2001:4178:2:1269::fed2:443 [5067] 1602243521.205463: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [5067] 1602243521.205464: Response was from master KDC [5067] 1602243521.205465: Decoding FAST response [5067] 1602243521.205466: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database [5067] 1602243521.205472: ccselect module realm chose cache FILE:/tmp/krb5cc_58602 with client principal esindril@FEDORAPROJECT.ORG for server principal HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG [5067] 1602243521.205473: Getting credentials esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG using ccache FILE:/tmp/krb5cc_58602 [5067] 1602243521.205474: Retrieving esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_58602) [5067] 1602243521.205475: Retrieving esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: 0/Success [5067] 1602243521.205476: Starting with TGT for client realm: esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG [5067] 1602243521.205477: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals on [5067] 1602243521.205478: Generated subkey for TGS request: rc4-hmac/B2F0 [5067] 1602243521.205479: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [5067] 1602243521.205481: Encoding request body and padata into FAST request [5067] 1602243521.205482: Sending request (1007 bytes) to FEDORAPROJECT.ORG [5067] 1602243521.205483: Resolving hostname id.fedoraproject.org [5067] 1602243521.205484: TLS certificate name matched "id.fedoraproject.org" [5067] 1602243521.205485: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [5067] 1602243521.205486: Received answer (479 bytes) from https 2001:4178:2:1269::fed2:443 [5067] 1602243521.205487: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [5067] 1602243521.205488: Response was from master KDC [5067] 1602243521.205489: Decoding FAST response [5067] 1602243521.205490: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database [5067] 1602243521.205491: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals off [5067] 1602243521.205492: Generated subkey for TGS request: rc4-hmac/0241 [5067] 1602243521.205493: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [5067] 1602243521.205495: Encoding request body and padata into FAST request [5067] 1602243521.205496: Sending request (1007 bytes) to FEDORAPROJECT.ORG [5067] 1602243521.205497: Resolving hostname id.fedoraproject.org [5067] 1602243521.205498: TLS certificate name matched "id.fedoraproject.org" [5067] 1602243521.205499: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [5067] 1602243522.74147: Received answer (476 bytes) from https 2001:4178:2:1269::fed2:443 [5067] 1602243522.74148: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [5067] 1602243522.74149: Response was from master KDC [5067] 1602243522.74150: Decoding FAST response [5067] 1602243522.74151: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database [5067] 1602243522.74155: Getting credentials esindril@FEDORAPROJECT.ORG -> host/koji.fedoraproject.org@FEDORAPROJECT.ORG using ccache FILE:/tmp/krb5cc_58602 [5067] 1602243522.74156: Retrieving esindril@FEDORAPROJECT.ORG -> host/koji.fedoraproject.org@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: 0/Success [5067] 1602243522.74157: Creating authenticator for esindril@FEDORAPROJECT.ORG -> host/koji.fedoraproject.org@FEDORAPROJECT.ORG, seqnum 443637313, subkey (null), session key aes256-cts/5FB7 2020-10-09 13:38:42,524 [ERROR] koji: Fault: <Fault 1: "<class 'AttributeError'>: krbLogin">
Do you have any suggestion on what might be wrong here? This is for a newly created account. I created my account more than 24h ago.
Thank you.
A bit more info about the OS which is CentOS7:
uname -a Linux esdss000.cern.ch 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
It looks like very old client (krbLogin is replaced by gssapiLogin few version ago). Anyway, default koji client in centos7 works for me. What koji --debug hello prints?
koji --debug hello
$ podman run -ti --rm centos:7 bash $ yum install koji krb5-workstation $ kinit tkopecek@FEDORAPROJECT.ORG $ koji hello tervehdys, tkopecek! You are using the hub at https://koji.fedoraproject.org/kojihub Authenticated via GSSAPI
Metadata Update from @tkopecek: - Custom field Size adjusted to None
Thank you for the quick reply. Indeed, we have an older version of koji 1.17.0. Updating to 1.21.1 which is the latest in EPEL7 throws a different error now:
koji hello 2020-10-09 15:09:26,169 [ERROR] koji: AuthError: unable to obtain a session [esindril@esdss000 tmp]$ KRB5_TRACE=/dev/stdout koji build --scratch epel8 /tmp/richacl-1.12-9.fc32.src.rpm [12724] 1602248969.492425: ccselect module realm chose cache FILE:/tmp/krb5cc_58602 with client principal esindril@FEDORAPROJECT.ORG for server principal HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG [12724] 1602248969.492426: Getting credentials esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG using ccache FILE:/tmp/krb5cc_58602 [12724] 1602248969.492427: Retrieving esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_58602) [12724] 1602248969.492428: Retrieving esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: 0/Success [12724] 1602248969.492429: Starting with TGT for client realm: esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG [12724] 1602248969.492430: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals on [12724] 1602248969.492431: Generated subkey for TGS request: aes256-cts/2C2E [12724] 1602248969.492432: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [12724] 1602248969.492434: Encoding request body and padata into FAST request [12724] 1602248969.492435: Sending request (1059 bytes) to FEDORAPROJECT.ORG [12724] 1602248969.492436: Resolving hostname id.fedoraproject.org [12724] 1602248969.492437: TLS certificate name matched "id.fedoraproject.org" [12724] 1602248969.492438: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [12724] 1602248969.492439: Received answer (484 bytes) from https 2001:4178:2:1269::fed2:443 [12724] 1602248969.492440: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [12724] 1602248969.492441: Response was from master KDC [12724] 1602248969.492442: Decoding FAST response [12724] 1602248969.492443: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database [12724] 1602248969.492444: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals off [12724] 1602248969.492445: Generated subkey for TGS request: aes256-cts/78B8 [12724] 1602248969.492446: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [12724] 1602248969.492448: Encoding request body and padata into FAST request [12724] 1602248969.492449: Sending request (1059 bytes) to FEDORAPROJECT.ORG [12724] 1602248969.492450: Resolving hostname id.fedoraproject.org [12724] 1602248969.492451: TLS certificate name matched "id.fedoraproject.org" [12724] 1602248970.12707: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [12724] 1602248970.12708: Received answer (484 bytes) from https 2001:4178:2:1269::fed2:443 [12724] 1602248970.12709: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [12724] 1602248970.12710: Response was from master KDC [12724] 1602248970.12711: Decoding FAST response [12724] 1602248970.12712: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database [12724] 1602248970.12718: ccselect module realm chose cache FILE:/tmp/krb5cc_58602 with client principal esindril@FEDORAPROJECT.ORG for server principal HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG [12724] 1602248970.12719: Getting credentials esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG using ccache FILE:/tmp/krb5cc_58602 [12724] 1602248970.12720: Retrieving esindril@FEDORAPROJECT.ORG -> HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_58602) [12724] 1602248970.12721: Retrieving esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_58602 with result: 0/Success [12724] 1602248970.12722: Starting with TGT for client realm: esindril@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG [12724] 1602248970.12723: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals on [12724] 1602248970.12724: Generated subkey for TGS request: aes256-cts/D3B1 [12724] 1602248970.12725: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [12724] 1602248970.12727: Encoding request body and padata into FAST request [12724] 1602248970.12728: Sending request (1058 bytes) to FEDORAPROJECT.ORG [12724] 1602248970.12729: Resolving hostname id.fedoraproject.org [12724] 1602248970.12730: TLS certificate name matched "id.fedoraproject.org" [12724] 1602248970.12731: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [12724] 1602248970.12732: Received answer (484 bytes) from https 2001:4178:2:1269::fed2:443 [12724] 1602248970.12733: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [12724] 1602248970.12734: Response was from master KDC [12724] 1602248970.12735: Decoding FAST response [12724] 1602248970.12736: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database [12724] 1602248970.12737: Requesting tickets for HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG, referrals off [12724] 1602248970.12738: Generated subkey for TGS request: aes256-cts/FB35 [12724] 1602248970.12739: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [12724] 1602248970.12741: Encoding request body and padata into FAST request [12724] 1602248970.12742: Sending request (1058 bytes) to FEDORAPROJECT.ORG [12724] 1602248970.12743: Resolving hostname id.fedoraproject.org [12724] 1602248970.12744: TLS certificate name matched "id.fedoraproject.org" [12724] 1602248970.12745: Sending HTTPS request to https 2001:4178:2:1269::fed2:443 [12724] 1602248971.192982: Received answer (484 bytes) from https 2001:4178:2:1269::fed2:443 [12724] 1602248971.192983: Terminating TCP connection to https 2001:4178:2:1269::fed2:443 [12724] 1602248971.192984: Response was from master KDC [12724] 1602248971.192985: Decoding FAST response [12724] 1602248971.192986: TGS request result: -1765328377/Server HTTP/proxy-iad01.fedoraproject.org@FEDORAPROJECT.ORG not found in Kerberos database 2020-10-09 15:09:31,213 [ERROR] koji: AuthError: unable to obtain a session
Running the following version:
rpm -qa | grep koji koji-1.21.1-1.el7.noarch python2-koji-1.21.1-1.el7.noarch
This is probably more instructive:
koji --debug hello 2020-10-09 15:24:25,136 [DEBUG] koji: Opening new requests session 2020-10-09 15:24:25,142 [DEBUG] koji: Opening new requests session 2020-10-09 15:24:27,363 [DEBUG] koji: Opening new requests session 2020-10-09 15:24:27,364 [DEBUG] koji: gssapi auth failed: HTTPError: 401 Client Error: Unauthorized Traceback (most recent call last): File "/usr/bin/koji", line 335, in <module> rv = locals()[command].__call__(options, session, args) File "/usr/lib/python2.7/site-packages/koji_cli/commands.py", line 7412, in handle_moshimoshi activate_session(session, options) File "/usr/lib/python2.7/site-packages/koji_cli/lib.py", line 700, in activate_session session.gssapi_login(proxyuser=runas) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2578, in gssapi_login raise AuthError('unable to obtain a session') koji.AuthError: unable to obtain a session
Check that you have:
rdns = false
in /etc/krb5.conf
Indeed, this is what was missing. Putting in this option, everything works. Thanks for all the replies!
Metadata Update from @esindril: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.