
Re: [Condor-users] Enabling SSL encryption in Condor



Hi all,

an update about the issues I got with SSL authentication.
First of all here are the relevant lines from my condor_config file:

SEC_DEFAULT_ENCRYPTION = REQUIRED
SEC_DEFAULT_INTEGRITY = REQUIRED
SEC_DEFAULT_NEGOTIATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, SSL
SEC_DEFAULT_INTEGRITY_METHODS = MD5
SEC_DEFAULT_ENCRYPTION_METHODS = 3DES, BLOWFISH

With this configuration, I'm able to submit jobs to the queue, and 
according to the logs, everything is encrypted/authenticated/integrity-checked.
On the other hand, if I change the option SEC_DEFAULT_AUTHENTICATION_METHODS to
"SSL" or "SSL, FS", the schedd crashes with the error I mentioned in my last mail.

In other words, by first doing an FS authentication, which fails (according to the
log snippet reported below), and then falling back to SSL, I'm able to submit jobs,
but doing it the other way around (or using only SSL, which is equivalent) will result
in a crash.

Anyone got an idea of why there is this strange behaviour?

thanks in advance,

Pascal

The log snippet:

7/18 16:29:32 (fd:12) (pid:20134) SECMAN: new session, doing initial authentication.
7/18 16:29:32 (fd:12) (pid:20134) DC_AUTHENTICATE: authenticating RIGHT NOW.
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: in authenticate( addr == NULL, methods == 'FS,SSL')
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: can still try these methods: FS,SSL
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: in handshake(my_methods = 'FS,SSL')
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: handshake() - i am the server
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfds=11
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfound=1
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfds=11
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfound=1
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: client sent (methods == 260)
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: i picked (method == 4)
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: client received (method == 4)
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: will try to use 4 (FS)
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfds=11
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfound=1
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfds=11
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfound=1
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE_FS: used file /tmp/FS_F9ohVu, status: 0
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: method 4 (FS) failed.
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: can still try these methods: FS,SSL
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: in handshake(my_methods = 'FS,SSL')
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: handshake() - i am the server
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfds=11
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfound=1
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfds=11
7/18 16:29:32 (fd:12) (pid:20134) condor_read(): nfound=1
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: client sent (methods == 256)
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: i picked (method == 256)
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: client received (method == 256)
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: will try to use 256 (SSL)
.....
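
Added example, not part of the original post: a small Python script that reads the authentication lines of a debug log like the one above and reports, for each negotiation round, which methods the client offered, which one the server picked, and whether a failure was logged. The bit values 4 (FS) and 256 (SSL) are taken from the log lines themselves; the function names and the sample string are assumptions made for this illustration.

```python
import re

# Bit values exactly as the log above prints them: "4 (FS)" and "256 (SSL)".
METHOD_BITS = {4: "FS", 256: "SSL"}

# Sample input: the handshake/authenticate lines copied from the log excerpt above.
SAMPLE_LOG = """\
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: client sent (methods == 260)
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: i picked (method == 4)
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: will try to use 4 (FS)
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE_FS: used file /tmp/FS_F9ohVu, status: 0
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: method 4 (FS) failed.
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: client sent (methods == 256)
7/18 16:29:32 (fd:12) (pid:20134) HANDSHAKE: i picked (method == 256)
7/18 16:29:32 (fd:12) (pid:20134) AUTHENTICATE: will try to use 256 (SSL)
"""

def decode(mask):
    """Split a method bitmask into names; bits not seen in the log stay numeric."""
    names, bit = [], 1
    while bit <= mask:
        if mask & bit:
            names.append(METHOD_BITS.get(bit, f"unknown({bit})"))
        bit <<= 1
    return names

def trace(log):
    """Return one dict per negotiation round found in the log text."""
    rounds = []
    for line in log.splitlines():
        if m := re.search(r"client sent \(methods == (\d+)\)", line):
            # A new offer from the client opens a new round.
            rounds.append({"offered": decode(int(m[1])), "picked": "none",
                           "outcome": "not in excerpt"})
        elif (m := re.search(r"i picked \(method == (\d+)\)", line)) and rounds:
            rounds[-1]["picked"] = ",".join(decode(int(m[1]))) or "none"
        elif re.search(r"AUTHENTICATE: method \d+ \(\w+\) failed", line) and rounds:
            rounds[-1]["outcome"] = "failed"
    return rounds

if __name__ == "__main__":
    for i, r in enumerate(trace(SAMPLE_LOG), 1):
        print(f"round {i}: offered={r['offered']} picked={r['picked']} "
              f"outcome={r['outcome']}")
```

A final round whose outcome is "not in excerpt" marks the last method the daemon attempted before the log stops, which is the place to look when the process dies mid-authentication.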