
Re: [Condor-users] Remote "condor_rm" authentication problem




Never mind. A more thorough scouring of the docs revealed the existence of SEC_DEFAULT_ENCRYPTION, which is all I needed. Thanks anyway...


-Mike

Michael S. Root wrote:

Hi. I'm having a strange problem here. I have written a little web interface we can use to monitor jobs in our modest Condor 6.6.7 pool. Recently, I've been trying to add the ability to delete jobs from the queue via our intranet (this is all behind a firewall).


The web server is NOT running any condor daemons; we have a separate dedicated machine for the central manager. From the webserver, condor_q, condor_status, and condor_userprio all work fine. I can even use condor_userprio to change priorities as the 'apache' user. However, condor_rm gives nasty authentication errors, whether run as the 'apache' user, myself (the job's owner), or even as root.

All the errors seem Globus-related, but we don't use Globus at all. I've tried messing with QUEUE_SUPER_USERS, but to no avail.

Is this a bug in Condor? Anyone have any ideas?

-Mike


Output from running "condor_rm -name hostname 12345.0":
------------------------------------------------------------
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using GSI
GSI:5003:Failed to authenticate. Globus is reporting error (851968:24). There is probably a problem with your credentials. (Did you run grid-proxy-init?)
AUTHENTICATE:1004:Failed to authenticate using KERBEROS
AUTHENTICATE:1004:Failed to authenticate using FS
------------------------------------------------------------
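
Since the web interface has to report failures like the one above, here is a minimal sketch in Python of splitting that output into fields. It assumes every entry has the SUBSYSTEM:code:message shape seen in the output shown; the names CondorError, parse_error_stack and failed_methods are hypothetical helpers, not part of Condor.

```python
import re
from typing import List, NamedTuple


class CondorError(NamedTuple):
    subsystem: str   # e.g. "AUTHENTICATE" or "GSI"
    code: int        # e.g. 1004
    message: str     # remainder of the line


# Assumed entry shape: UPPERCASE_NAME:digits:free text
_ENTRY = re.compile(r"^([A-Z_]+):(\d+):(.*)$")


def parse_error_stack(text: str) -> List[CondorError]:
    """Return one CondorError per line that matches the assumed shape."""
    entries = []
    for line in text.splitlines():
        match = _ENTRY.match(line.strip())
        if match:
            entries.append(
                CondorError(match.group(1), int(match.group(2)),
                            match.group(3).strip())
            )
    return entries


def failed_methods(entries: List[CondorError]) -> List[str]:
    """List the authentication methods reported as failed, in order."""
    prefix = "Failed to authenticate using "
    return [
        e.message[len(prefix):]
        for e in entries
        if e.subsystem == "AUTHENTICATE" and e.message.startswith(prefix)
    ]
```

Separator lines and timestamped log lines do not match the pattern and are skipped, so the same function can be pointed at the condor_rm output without trimming it first.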





From SchedLog on the machine which submitted the job:
------------------------------------------------------------
12/17 14:10:41 DaemonCore: Command received via TCP from host <192.168.1.10:40142>
12/17 14:10:41 DaemonCore: received command 478 (ACT_ON_JOBS), calling handler (actOnJobs)
12/17 14:10:41 authenticate_self_gss: acquiring self credentials failed. Please check your Condor configuration file if this is a server process. Or the user environment variable if this is a user process.


GSS Major Status: General failure
GSS Minor Status Error Chain:

acquire_cred.c:125: gss_acquire_cred: Error with GSI credential
globus_i_gsi_gss_utils.c:1298: globus_i_gsi_gss_cred_read: Error with gss credential handle
globus_gsi_credential.c:721: globus_gsi_cred_read: Valid credentials could not be found in any of the possible locations specified by the credential search order.
globus_gsi_credential.c:447: globus_gsi_cred_read: Error reading host credential
globus_gsi_system_config.c:4055: globus_gsi_sysconfig_get_host_cert_filename_unix: Could not find a valid certificate file: The host cert could not be found in:
1) env. var. X509_USER_CERT=NULL
2) /etc/grid-security/hostcert.pem
3) NULL
4) /root/.globus/hostcert.pem


The host key could not be found in:
1) env. var. X509_USER_KEY=NULL
2) /etc/grid-security/hostkey.pem
3) NULL
4) /root/.globus/hostkey.pem

globus_gsi_credential.c:239: globus_gsi_cred_read: Error reading proxy credential
globus_gsi_system_config.c:4585: globus_gsi_sysconfig_get_proxy_filename_unix: Could not find a valid proxy certificate file location: A file location for the proxy cert could not be found in:
1) env. var. X509_USER_PROXY=NULL
2) /tmp/x509up_u0


globus_gsi_credential.c:324: globus_gsi_cred_read: Error reading user credential
globus_gsi_system_config.c:3754: globus_gsi_sysconfig_get_user_cert_filename_unix: Error with certificate filename: The user cert could not be found in:
1) env. var. X509_USER_CERT=NULL
2) /root/.globus/usercert.pem
3) /root/.globus/usercred.p12


12/17 14:10:41 AUTHENTICATE: no available authentication methods succeeded, failing!
12/17 14:10:41 actOnJobs(): failed to authenticate, aborting
12/17 14:10:41 SCHEDD:4001:Failed to act on jobs: Authentication failed
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using GSI
GSI:5003:Failed to authenticate. Globus is reporting error (851968:198). There is probably a problem with your credentials. (Did you run grid-proxy-init?)
AUTHENTICATE:1004:Failed to authenticate using KERBEROS
AUTHENTICATE:1004:Failed to authenticate using FS
12/17 14:10:41 condor_write(): Socket closed when trying to write buffer
12/17 14:10:41 Buf::write(): condor_write() failed
------------------------------------------------------------





_______________________________________________ Condor-users mailing list Condor-users@xxxxxxxxxxx http://lists.cs.wisc.edu/mailman/listinfo/condor-users