
Re: [HTCondor-users] [EXTERNAL] Re: is this a bug? Windows using SECURITY:recommended_v9_0



Thank you for the replies.  


I can think of two potential bugs: 

  1. SECURITY:recommended_v9_0 fails to list the Windows defaults, as it does for *nix
  2. condor_config_val does not display "factory" values


Perhaps I could make a feature request: make "factory" settings available through condor_config_val. 


The first time I ran condor_config_val -v -dump, I was thrilled; this is absolutely brilliant.

It provides all the controls, what they are set to (= and expanded), how they get set (at), and what their "factory" setting (default) is.


condor_config_val follows the "knob" metaphor fairly well. 

  1. You can easily key-in (push, pull, or rotate the "knob") to a new value
  2. You can take a quick look at its selected position within a range of values
  3. You can even loosen the screw, detaching it from the actual control - how does this help the user?



From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of John M Knoeller via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Sent: Monday, August 21, 2023 10:16:48 AM
To: HTCondor-Users Mail List
Cc: John M Knoeller
Subject: [EXTERNAL] Re: [HTCondor-users] is this a bug? Windows using SECURITY:recommended_v9_0
 

Note that NTSSPI on Windows is sort of equivalent to FS on Linux.  It is an auth method that is always available and can be used to authenticate local users.  NTSSPI can also be used to authenticate remote users, but only when the machine is part of an NT Domain.  If the machine is not part of an NT Domain, then NTSSPI can only authenticate local users.

 

The value for SEC_DEFAULT_AUTHENTICATION_METHODS is built up at runtime when the configured value is empty.  Thus when condor_config_val shows the default value as blank, the effective value is usually NTSSPI, IDTOKEN, KERBEROS, SSL.

 

KERBEROS and SSL are present only if the libraries for those methods are installed. For Windows, they are installed by the MSI installer.   NTSSPI is always installed, since it is the native method for Windows, and IDTOKEN is baked into the HTCondor code, so it is always available as well.

 

-tj

 

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Cole Bollig via HTCondor-users
Sent: Friday, August 18, 2023 3:22 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Cc: Cole Bollig <cabollig@xxxxxxxx>
Subject: Re: [HTCondor-users] is this a bug? Windows using SECURITY:recommended_v9_0

 

Hi Sam,

 

This is expected. HTCondor does have a list of default authentication methods to use, and the methods (FS & IDTOKENS) should be in that list. The configuration knob SEC_DEFAULT_AUTHENTICATION_METHODS is a knob that allows administrators to overwrite the default authentication methods list. This specific knob is undefined by default, so condor_config_val will show it as undefined rather than output the internal default list. The internal default list for Windows in V9 of HTCondor is: NTSSPI, IDTOKEN, KERBEROS, and SSL. FS is not available on Windows.

 

 

-Cole Bollig


From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Sam.Dana@xxxxxxxxxxx <Sam.Dana@xxxxxxxxxxx>
Sent: Friday, August 18, 2023 1:49 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] is this a bug? Windows using SECURITY:recommended_v9_0

 

Setting up a Windows only HTCondor pool.

 

As I explore the metaknobs, I noticed 'use SECURITY:recommended_v9_0' states:

# Assume that FS and IDTOKENS are in SEC_DEFAULT_AUTHENTICATION_METHODS, which they are by default.

However, condor_config_val -v SEC_DEFAULT_AUTHENTICATION_METHODS shows it is "Not defined". 

 

What settings should be used under Windows?

 

 

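The behaviour described in the replies above, as a small model added here for illustration; it is not part of the original thread and not HTCondor code. The function names `effective_methods` and `audit` and the sample inputs are hypothetical, and the rules encoded are only those stated in the thread (runtime-built list when the knob is empty, NTSSPI limited to local users outside an NT Domain, KERBEROS and SSL dependent on installed libraries, FS unavailable on Windows).

```python
# Model of the behaviour described in the replies above; not HTCondor source.
ALWAYS = ["NTSSPI", "IDTOKENS"]   # replies write IDTOKEN; the metaknob comment writes IDTOKENS
NEEDS_LIB = ["KERBEROS", "SSL"]   # present only if their libraries are installed

def _parse(configured):
    """Split a comma-separated knob value; treat IDTOKEN and IDTOKENS as one name."""
    names = [m.strip().upper() for m in (configured or "").split(",") if m.strip()]
    return ["IDTOKENS" if n == "IDTOKEN" else n for n in names]

def effective_methods(configured, installed_libs=("KERBEROS", "SSL")):
    """An explicit knob value wins; an empty knob yields the runtime-built list."""
    explicit = _parse(configured)
    if explicit:
        return explicit
    return ALWAYS + [m for m in NEEDS_LIB if m in installed_libs]

def audit(configured, domain_joined, installed_libs=("KERBEROS", "SSL")):
    """Return (effective, usable_for_remote_users, findings) for one Windows host.
    Methods the thread does not mention are passed through without judgement."""
    effective = effective_methods(configured, installed_libs)
    findings = []
    if not _parse(configured):
        findings.append("knob undefined: built-in list applies")
    usable = []
    for m in effective:
        if m == "FS":
            findings.append("FS is not available on Windows")
        elif m in NEEDS_LIB and m not in installed_libs:
            findings.append(f"{m} configured but its library is not installed")
        elif m == "NTSSPI" and not domain_joined:
            findings.append("NTSSPI can only authenticate local users (no NT Domain)")
        else:
            usable.append(m)
    if not usable:
        findings.append("no method can authenticate remote users")
    return effective, usable, findings

if __name__ == "__main__":
    # Constructed sample inputs: (knob value, machine is part of an NT Domain)
    for value, domain in [("", False), ("NTSSPI", False), ("NTSSPI, KERBEROS", True)]:
        print(repr(value), domain, audit(value, domain))
```

The second sample input shows the case worth checking before overriding the knob: NTSSPI alone on machines outside an NT Domain leaves nothing that can authenticate remote users.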