On 11/21/2016 05:02 AM, Matěj Cepl wrote: > On 2016-11-20, 01:11 GMT, Dennis Gilmore wrote: >> you can get started today by doing kinit <fas >> username>@FEDORAPROJECT.ORG if you move your ~/.fedora.cert >> file out of the way authentication will still work. > > a) Is it possible to have multiple tickets, each from different > realm? When I do kinit mcepl@xxxxxxxxxxxxxxxxx, klist looks like my > @REDHAT.COM ticket has been knocked out (i.e., there is only FPO > ticket there). Ah, klist -A seems to be the answer. Yes, Kerberos now (for the last four or five years) supports multiple TGTs. If your krb5.conf is set up to map them automatically to domains, you don't need to do anything special. If not, you can still switch between them with ``` kswitch -p username@REALM ``` > b) We do have to do the Firefox Kerberos-dance anyway > (https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication), > right? Somebody should mention that, so I do. It doesn't sound like we actually need Kerberos to access Koji Web at all, so this is probably unnecessary. > c) Despite doing all this I don’t see myself logged-in to Koji. What > am I missing? This is discussing the use of Koji through the `koji` CLI (implicitly by way of fedpkg). I don't think there's been any discussion about logging into the web interface.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
