[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Condor-users] Kerberos problem



 Bad form to reply to onself I know.  Isn't always the way that you only
really read the logs once you've sent them to a mailing list?  The
obvious clue was:
11/25 15:17:07 No credentials found with supported encryption types

A quick google on that showed I needed to add:
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 default_tgs_enctypes = des-cbc-crc

To the [libdefaults] section of krb5.conf, in order to obtain an
appropriately encoded ticket from Active Directory.

It still doesn't work thought.  The debug output gives:
11/25 15:52:02 Acquiring credential for user
11/25 15:52:02 KRB5 error code 52
And I'm now tracking down error code 52 to see what that shows me - I
may be back with another question later, but I'll be more careful next
time (I promise! ;-))

Please accept my apologies for wasting your bandwidth and time,

Craig


> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx 
> [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Miskell, Craig
> Sent: Thursday, 25 November 2004 3:38 p.m.
> To: Condor-Users Mail List
> Subject: [Condor-users] Kerberos problem
> 
> Hi,
> 	I'm starting the rollout of Condor at our site, and am trying to
> get the most secure configuration reasonably possible.  As such, I'm
> trying to get Kerberos working.  Currently, I have only a single node
> that is my test box - it's the central manager, submit node, 
> and single
> execute node.  I know that's not a good long term strategy, but it's a
> nice simple case for initial configuration testing.  
> 
> The problem:  condor_status running as root works, but when running as
> another non-privileged user, it fails with:
> AUTHENTICATE:1003:Failed to authenticate with any method
> AUTHENTICATE:1004:Failed to authenticate using KERBEROS
=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
=======================================================================