Red Hat Bugzilla – Bug 239223
krb5 should not use host/* principals
Last modified: 2013-01-09 20:37:59 EST
Description of problem:
There is an hardcoded server principal of 'host/%s' in
This is bad because 'host/*' principals are for system services only and the
keytab can/must not be read by non-root users. As koji services (hub) are run by
the 'httpd' user, this will not work.
There should be used (customizable) principal names like HTTP/* instead of.
Version-Release number of selected component (if applicable):
Filed upstream as https://hosted.fedoraproject.org/projects/koji/ticket/32
Waiting for an upstream fix to release.
Closing this as upstream here to. Really needs to be fixed upstream and it will
filter down to the Fedora release.