[Condor-users] Enabling SSL encryption in Condor

[Pascal Jermini <pascal+condor@xxxxxxxxxxxxxxxx>]

Hi all,

we are trying to enable the SSL encryption of the traffic between the
Condor daemons in our small testing pool, but without much success.

We enabled authentication+encryption via the following variables:

SEC_DEFAULT_ENCRYPTION = REQUIRED
SEC_DEFAULT_INTEGRITY = REQUIRED
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = SSL

We then generated the certificates, and defined the following variables
with their correct contents:

AUTH_SSL_SERVER_CAFILE
AUTH_SSL_SERVER_CADIR
AUTH_SSL_SERVER_CERTFILE
AUTH_SSL_SERVER_KEYFILE
AUTH_SSL_CLIENT_CAFILE
AUTH_SSL_CLIENT_CADIR
AUTH_SSL_CLIENT_CERTFILE
AUTH_SSL_CLIENT_KEYFILE

By looking at the logs, it looks like Condor (we are using 6.7.18) does
not even try to use SSL:

7/11 16:46:50 AUTHENTICATE: no available authentication methods
succeeded, failing! 7/11 16:46:50 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failed to authenticate with any method

Similarly, even by using ANONYMOUS as an authentication method, we get
the same error...

Someone has an idea of why this happens? Or even better, is there some
documentation about the SSL security feature of Condor? It looks like
the documentation in this area is a little bit lacking :)

Thanks in advance for any hint! If more informations are needed, I'm
glad to provide them!

best regards,

Pascal