[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] GSI Auth question

Hi all,

I'm learning a bit about GSI authentication to use with our condor pools. We have a couple of compute resources I need to work with in different authentication realms, UID domains, and Filesystem domains.

At present, I'm trying to submit a job to a pool directly, using my Grid proxy cert, generated with grid-proxy-init. I made certain that the user can submit a job directly to globus, everything worked fine. I even did a globus-job-run of "whoami" to make sure that the username mapping was working ok. my test user account maps to my real user account just fine. However, when I try to submit a job to condor, I get this:

condor_submit -name remotehost -pool remotehost hostname.submit
Submitting job(s)
ERROR: Failed to set Owner="globus_usermap_test" for job 3683.0 (13)

ERROR: Failed to queue job.

On the remotehost I see this:

==> /opt/condor/local.divot/log/SchedLog <==
3/21 17:38:13 (pid:29045) SetAttribute security violation: setting owner to "globus_usermap_test" when active owner is "alathers"

NOTE: If I run the job from an account of the same name (username: alathers on both local and remote host, with GSI cert mapped to alathers also), it works fine.

I did some searching on the archives, and the closest thing I found was an unanswered post regarding kerberos, found here: https://lists.cs.wisc.edu/archive/condor-users/pre-2004-June/ msg01373.shtml

If anyone has any insight, I'd really appreciate it. I'm not sure if it's just a matter of how condor does user mapping, and I can't really use GSI as I'd like, or if it's a configuration issue I'm overlooking? I've re-read this section of the docs also, to cover my RTFM bases, but may well have missed something.

	Thanx again, in advance everyone.  Much appreciated.

Adam Lathers
NCMIR: National Center for Microscopy and Imaging Research
Distributed Systems Engineer
phone: (858) 534-7968
web:   http://ncmir.ucsd.edu