[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] user based authorization not working
- Date: Tue, 14 Feb 2006 13:28:34 +0000
- From: "Dr Ian C. Smith" <i.c.smith@xxxxxxxxxxxxxxx>
- Subject: Re: [Condor-users] user based authorization not working
--On 13 February 2006 12:26 -0600 Zachary Miller <zmiller@xxxxxxxxxxx>
I read this again and it made more sense second time around.
I tried getting Condor to use CLAIMTOBE by including
these lines in the master condor_config:
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = CLAIMTOBE
but then I couldn't do a condor_reconfig. Instead I
got this error:
AUTHENTICATE:1003:Failed to authenticate with any method
Can't send Reconfig command to local master
Could you elaborate on this ?
once you changed your config file, the running daemons and the
condor_reconfig tool now have incompatible settings. the running daemon
has the default list of authentication methods (FS, KERBEROS, GSI) but
the tool has only CLAIMTOBE.
set the methods to CLAIMTOBE, FS. then do the reconfig (it will use FS).
then take out FS and reconfig again, and you'll have just CLAIMTOBE.
there's no harm in just leaving FS in there though.
This kind of follows the same thread ...
Looking at how the config file on the central manager is set up it appears
to me that the requirements for a submit only host are the same as for
an execute only host i.e. an entry in HOSTALLOW_READ and HOSTALLOW_WRITE.
Does this mean that any execute host could potentially be used as a submit
host ? I ask this in case ordinary (non-Condor) users on the execute hosts
could install a condor client and use it to submit jobs thus side stepping
the access controls.
Condor-users mailing list