From b7cef3a29ec958d1f27cb0c1f4c20b6f07dc8cf6 Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Feb 14 2017 16:15:38 +0000 Subject: docs update - krbV configuration --- diff --git a/docs/source/using_the_koji_build_system.rst b/docs/source/using_the_koji_build_system.rst index 97bc2db..c43f4e3 100644 --- a/docs/source/using_the_koji_build_system.rst +++ b/docs/source/using_the_koji_build_system.rst @@ -82,9 +82,25 @@ or ``fedora-packager-setup`` should fetch it. This certificate may also be needed to let `https koji `__ URLs resolve without untrusted-CA warnings. -.. raw:: mediawiki - - {{admon/warning|RHEL6 cert bug|If you're using RHEL6, an incompatibility between RHEL6's openssl and nss causes certificates downloaded from fas to fail to work with some fedpkg tools. [[https://bugzilla.redhat.com/show_bug.cgi?id=631000 Bug 631000 rhel6 openssl creates PKCS#8 encoded PEM RSA private key files, nss can't read them]]. The cert can be made compatible using this command: (openssl x509 -in ~/.fedora.cert -text; echo; openssl rsa -in ~/.fedora.cert) > fedora.cert.new}} +.. warning:: + + If you're using RHEL6, an incompatibility + between RHEL6's openssl and nss causes certificates downloaded from fas to + fail to work with some fedpkg tools. + `Bug 631000 rhel6 + openssl creates PKCS#8 encoded PEM RSA private key files, nss can't read + them `_. The cert can be made compatible using this command: + `openssl x509 -in ~/.fedora.cert -text; echo; openssl rsa -in + ~/.fedora.cert) > fedora.cert.new` + +.. warning:: + + You can also have problem in Fedora/RHEL if you are going to use GSSAPI + authentication. These distributions have changed default `rdns=false` in + /etc/krb5.conf. If you encounter + `requests_kerberos.exceptions.MutualAuthenticationError: Unable to + authenticate ` error, maybe you are hitting this problem. + `More info in pagure issue `_. Koji Config ^^^^^^^^^^^