[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] GSI Auth question
- Date: Tue, 21 Mar 2006 18:05:32 -0800
- From: Adam Lathers <alathers@xxxxxxxxxxxxxx>
- Subject: [Condor-users] GSI Auth question
I'm learning a bit about GSI authentication to use with our condor
pools. We have a couple of compute resources I need to work with in
different authentication realms, UID domains, and Filesystem domains.
At present, I'm trying to submit a job to a pool directly, using my
Grid proxy cert, generated with grid-proxy-init. I made certain that
the user can submit a job directly to globus, everything worked
fine. I even did a globus-job-run of "whoami" to make sure that the
username mapping was working ok. my test user account maps to my
real user account just fine. However, when I try to submit a job to
condor, I get this:
condor_submit -name remotehost -pool remotehost hostname.submit
ERROR: Failed to set Owner="globus_usermap_test" for job 3683.0 (13)
ERROR: Failed to queue job.
On the remotehost I see this:
==> /opt/condor/local.divot/log/SchedLog <==
3/21 17:38:13 (pid:29045) SetAttribute security violation: setting
owner to "globus_usermap_test" when active owner is "alathers"
NOTE: If I run the job from an account of the same name (username:
alathers on both local and remote host, with GSI cert mapped to
alathers also), it works fine.
I did some searching on the archives, and the closest thing I found
was an unanswered post regarding kerberos, found here:
If anyone has any insight, I'd really appreciate it. I'm not sure
if it's just a matter of how condor does user mapping, and I can't
really use GSI as I'd like, or if it's a configuration issue I'm
I've re-read this section of the docs also, to cover my RTFM bases,
but may well have missed something.
Thanx again, in advance everyone. Much appreciated.
NCMIR: National Center for Microscopy and Imaging Research
Distributed Systems Engineer
phone: (858) 534-7968