
RE: [Condor-users] Kerberos problem



Kerberos is not supported in the Windows release of Condor, yes.  What
I'm doing is running Condor on Linux, talking to AD which should in
theory look pretty much like any other Kerberos running anywhere else -
in practice, of course, it's not (hence my slight difficulties).

Craig

> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx 
> [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of 
> Kewley, J (John)
> Sent: Thursday, 25 November 2004 11:04 p.m.
> To: Condor-Users Mail List
> Subject: RE: [Condor-users] Kerberos problem
> 
> My understanding is that Kerberos is not supported for Windows in the
> current Condor versions.
> 
> JK
> 
> > -----Original Message-----
> > From: Miskell, Craig [mailto:Craig.Miskell@xxxxxxxxxxxxxxxx]
> > Sent: 25 November 2004 02:58
> > To: Condor-Users Mail List
> > Subject: RE: [Condor-users] Kerberos problem
> > 
> > 
> > Bad form to reply to oneself, I know.  Isn't it always the way that you only
> > really read the logs once you've sent them to a mailing list?  The
> > obvious clue was:
> > 11/25 15:17:07 No credentials found with supported encryption types
> > 
> > A quick google on that showed I needed to add:
> >  default_tkt_enctypes = des-cbc-crc des-cbc-md5
> >  default_tgs_enctypes = des-cbc-crc
> > 
> > To the [libdefaults] section of krb5.conf, in order to obtain an
> > appropriately encoded ticket from Active Directory.
> > 
> > It still doesn't work though.  The debug output gives:
> > 11/25 15:52:02 Acquiring credential for user
> > 11/25 15:52:02 KRB5 error code 52
> > And I'm now tracking down error code 52 to see what that shows me - I
> > may be back with another question later, but I'll be more careful next
> > time (I promise! ;-))
> > 
> > Please accept my apologies for wasting your bandwidth and time,
> > 
> > Craig
> > 
> > 
> > > -----Original Message-----
> > > From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Miskell, Craig
> > > Sent: Thursday, 25 November 2004 3:38 p.m.
> > > To: Condor-Users Mail List
> > > Subject: [Condor-users] Kerberos problem
> > > 
> > > Hi,
> > > 	I'm starting the rollout of Condor at our site, and am trying to
> > > get the most secure configuration reasonably possible.  As such, I'm
> > > trying to get Kerberos working.  Currently, I have only a single node
> > > that is my test box - it's the central manager, submit node, and single
> > > execute node.  I know that's not a good long term strategy, but it's a
> > > nice simple case for initial configuration testing.
> > > 
> > > The problem:  condor_status running as root works, but when running as
> > > another non-privileged user, it fails with:
> > > AUTHENTICATE:1003:Failed to authenticate with any method
> > > AUTHENTICATE:1004:Failed to authenticate using KERBEROS
> > 
> > _______________________________________________
> > Condor-users mailing list
> > Condor-users@xxxxxxxxxxx
> > http://lists.cs.wisc.edu/mailman/listinfo/condor-users
> > 
=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
=======================================================================
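
Added example, not part of the original thread: the enctype lines quoted above restrict the client to single-DES, which RFC 6649 later deprecated for Kerberos, so a krb5.conf carrying them is worth flagging in a configuration review. The function name, the weak-enctype list and the EXAMPLE.TEST realm in the constructed sample are assumptions of this example.

```python
import re

# Single-DES enctype names treated as weak in this example (assumption:
# list taken from MIT krb5 enctype naming; DES was deprecated by RFC 6649).
WEAK_ENCTYPES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des-hmac-sha1"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")


def audit_libdefaults(conf_text):
    """Return sorted (key, enctype) pairs for weak enctypes set in [libdefaults]."""
    findings = set()
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                            # track which section we are in
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            # enctype lists may be separated by whitespace or commas
            for enctype in re.split(r"[\s,]+", value.lower()):
                if enctype in WEAK_ENCTYPES:
                    findings.add((key, enctype))
    return sorted(findings)


# Constructed sample: the two lines from the message plus a placeholder realm.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    default_tkt_enctypes = des-cbc-crc des-cbc-md5
    default_tgs_enctypes = des-cbc-crc

[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
    }
"""

if __name__ == "__main__":
    for key, enctype in audit_libdefaults(SAMPLE_KRB5_CONF):
        print(f"weak enctype in [libdefaults]: {key} includes {enctype}")
```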