Learn more about these different git repos.
Other Git URLs
When using python3 for the koji client, krbV is unavailable. This leads to the following error if gssapi error fails (because the user had no ticket for example): "Please install python-krbV to use kerberos.". If krbV is unavailable, we should instead make the gssapi error fatal.
Fix in #518.
For the future, related to this issue is that service principals of the form user/host@REALM (indicated in the default configuration files) will be unusable with mod_auth_gssapi unless they are actually mapped to local users in /etc/krb5.conf.
<Location /kojihub/ssllogin> ... "GssapiLocalName On" ...
Unfortunately, if your kerberos installation is based on FreeIPA/SSSD, auth_to_local mapping in krb5.conf is overriden by the localauth_plugin provided by the sssd-client package.
The current recommendation from the FreeIPA community AFAIK, is to prefer service principals over user principals due to the fact that FreeIPA users will have lots of control over their own "account" in FreeIPA by default.
I report this since Koji is moving toward mod_auth_gssapi and I was running into this same error.
pr #518 was merged
Metadata Update from @mikem: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @julian8628: - Issue set to the milestone: 1.14
Login to comment on this ticket.