[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor 6.7.20 & BirdBath - java.rmi.RemoteException: Permission denied

At 11:24 AM 6/26/2006, Matthew Farrellee wrote:

It occurs to me that this specific permission check is actually
ALLOW_SOAP, sorry. Are those set to allow write access from your IP?

In addition to setting ALLOW_WRITE correctly as Matt says above, are you connecting via HTTPS (with an SSL client side cert to authenticate), or are you connecting via HTTP ?

If you are connecting via HTTP, you should place "QUEUE_ALL_USERS_TRUSTED=TRUE" into your condor_config (and do a condor_reconfig) if you want things to work as before. The manual entry for this setting is as follows:


  Defaults to False. If set to True, then unauthenticated users are
  allowed to write to the queue, and also we always trust whatever the
  Owner value is set to be by the client in the job ad. This was added
  so users can continue to use the SOAP web-services interface over HTTP
  (w/o authenticating) to submit jobs in a secure, controlled environment
  -- for instance, in a portal setting.

The situation is the queue manager code in the schedd really wants to only allow authenticated users to write to the queue. In previous versions of BirdBath, this was hacked around in the code because previous versions of BirdBath had no choice --- the option to authenticate to the queue did not exist. But now that web service clients can authenticate (via SSL), it was decided to set up the defaults in favor of a secure installation and require the admin to go out of their way (by changing the above setting) in order to allow unauthenticated access.

Hope this makes sense and helps with your problem,

p.s. the web service documentation in the Condor manual is scheduled for overhaul/improvement Real Soon Now(tm) --- thanks for bearing with us.

Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
http://www.cs.wisc.edu/~tannenba      Madison, WI 53706-1685
Phone: (608) 263-7132  FAX: (608) 262-9777