Re: [HTCondor-users] Token directory for service account

Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

- Jaime

On Aug 24, 2023, at 8:49 AM, Weatherby,Gerard <gweatherby@xxxxxxxx> wrote:

We have a no login, no home directory service account for some automated processing. Iâm trying to use SEC_TOKEN_DIRECTORY to specify the token file location:

#!/bin/bash

ORIGIN=$(dirname $(readlink -f $0))

sudo -H -u serviceaccount _D_TOOL_DEBUG=D_ALL SEC_TOKEN_DIRECTORY=/tmp/token condor_submit -debug $ORIGIN/jobls

sudo -H -u serviceaccount condor_token_list -dir /tmp/token

Itâs failing with the following output:

08/24/23 09:43:38 Can't open directory "/etc/condor/passwords.d" as PRIV_ROOT, errno: 13 (Permission denied)

08/24/23 09:43:38 Can't open directory "/etc/condor/passwords.d" as PRIV_ROOT, errno: 13 (Permission denied)

08/24/23 09:43:38 SECMAN: required authentication with collector at <155.37.253.160:9618> failed, so aborting command QUERY_SCHEDD_ADS.

08/24/23 09:43:38 ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS

ERROR: Can't find address of local schedd

Header: {"alg":"HS256","kid":"token_key"} Payload: {"iat":1692881884,"iss":"condorcentralmanager.nmrbox.org","jti":"b1268f259aa3b703ca09eaf70b7869ac","sub":serviceaccount@xxxxxxxxxx} File: /tmp/token/bmrbindefinite

(Iâve edited the name of the service account because I donât want it on a public mailing list)

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

Mailing List Archives

Public Access

Re: [HTCondor-users] Token directory for service account