Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] Kerberos on Tru64
Hi,
I've got a working condor test pool (3 linux nodes) running
6.7.3, and am experimenting with adding a Tru64 5.1 box as a submit
host. I have a working Kerberos installation (MIT Kerberos) on the
linux master host, and that works well among the existing pool.
So I grabbed and installed condor for Tru64. I copied the config file
from the other nodes and munged it to account for the Tru64 path
differences (i.e. minimal changes), and tried to run condor_status to
query the pool. No go. With -debug and ALL_DEBUG=D_ALL, I got the
following output (snipped for relevance:)
...
2/4 14:51:42 (fd:2) AUTHENTICATE: in authenticate( addr ==
'<IPADDRESSHIDDEN:9618>', methods == 'KERBEROS')
2/4 14:51:42 (fd:2) AUTHENTICATE: can still try these methods: KERBEROS
2/4 14:51:42 (fd:2) HANDSHAKE: in handshake(my_methods = 'KERBEROS')
2/4 14:51:42 (fd:2) HANDSHAKE: handshake() - i am the client
2/4 14:51:42 (fd:2) HANDSHAKE: sending (methods == 64) to server
2/4 14:51:42 (fd:2) HANDSHAKE: server replied (method = 64)
2/4 14:51:42 (fd:2) AUTHENTICATE: will try to use 64 (KERBEROS)
2/4 14:51:42 (fd:2) Failed to build server principal
2/4 14:51:42 (fd:2) AUTHENTICATE: method 64 (KERBEROS) failed.
...
This is as compared to the following on a working box
...
2/4 14:30:55 (fd:2) HANDSHAKE: server replied (method = 64)
2/4 14:30:55 (fd:2) AUTHENTICATE: will try to use 64 (KERBEROS)
2/4 14:30:55 (fd:2) ZKM: krb5_unparse_name:
host/imp26.agresearch.co.nz@xxxxxxxxxxxxxxxxxxxxxxx
2/4 14:30:55 (fd:2) ZKM: no user yet determined, will grab up to slash
2/4 14:30:55 (fd:2) ZKM: picked user: host
2/4 14:30:55 (fd:2) ZKM: remapping 'host' to 'condor'
2/4 14:30:55 (fd:2) KERBEROS: mapping realm CONDOR.AGRESEARCH.CO.NZ to
domain agresearch.co.nz.
...
Now I have a KERBEROS_MAP_FILE with the contents:
CONDOR.AGRESEARCH.CO.NZ=agresearch.co.nz
but the interesting thing is that when I run TRUSS on condor_status, it
doesn't show any attempt to access the map file (whereas strace on linux
shows that it does). Permissions are OK on the file, but I don't think
it's that anyway because there's not even an *attempt* to open the file.
I think that this is the root cause of the problem, but don't know what
to try from here.
Any ideas?
Craig Miskell,
Technical Support,
AgResearch Invermay
03 489-9279
"The problem with defending the purity of the English language is that
English
is about as pure as a cribhouse whore. We don't just borrow words; on
occasion,
English has pursued other languages down alleyways to beat them
unconscious and
rifled their pockets for new vocabulary."
-- James D. Nicoll
=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
=======================================================================