Re: [Condor-users] problems with credd

["Chin, Tammy" <chint@xxxxxxx>]

Title: RE: [Condor-users] problems with credd

Greg,

I assumed that you meant for me to change the CREDD_DEBUG level from D_FULLDEBUG to D_SECURITY.

Here's a section of the log after sending a group of 9 whoami jobs through. I don't see much difference in the debugging level:

5/10 11:55:22 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:55:22 Found credential for user 'condor_pool'
5/10 11:55:22 Found credential for user 'condor_pool'
5/10 11:55:22 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:55:22 DaemonCore: PERMISSION DENIED to condor_pool@xxxxxxx from host <132.225.62.121:2959> for command 81099 (CREDD_GET_PASSWD)

5/10 11:55:24 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:55:24 Found credential for user 'condor_pool'
5/10 11:55:24 Found credential for user 'condor_pool'
5/10 11:55:24 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:55:24 DaemonCore: PERMISSION DENIED to condor_pool@xxxxxxx from host <132.225.62.121:2965> for command 81099 (CREDD_GET_PASSWD)

5/10 11:55:26 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:55:26 Found credential for user 'condor_pool'
5/10 11:55:26 Found credential for user 'condor_pool'
5/10 11:55:26 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:55:26 DaemonCore: PERMISSION DENIED to condor_pool@xxxxxxx from host <132.225.62.121:2972> for command 81099 (CREDD_GET_PASSWD)

5/10 11:57:05 Getting monitoring info for pid 1660
5/10 11:59:05 Trying to update collector <132.225.62.115:9618>
5/10 11:59:05 Attempting to send update via UDP to collector crw2268.aecl.ca <132.225.62.115:9618>
5/10 11:59:05 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:59:05 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/10 11:59:05 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False

In the job logs there are shadow exceptions, but when I look at the shadow log, the exceptions are due to the fact that it can't contact the credd server.

Tammy

-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx]On Behalf Of Greg Quinn
Sent: May 10, 2006 11:48 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] problems with credd

Chin, Tammy wrote:

> All the machines except one are now running the whoami job.
>
> Piece of the credd log:
>
> 5/10 09:19:17 SEC_DEBUG_PRINT_KEYS is undefined, using default value of
> False
> 5/10 09:19:17 Found credential for user 'condor_pool'
> 5/10 09:19:17 Found credential for user 'condor_pool'
> 5/10 09:19:17 SEC_DEBUG_PRINT_KEYS is undefined, using default value of
> False
> 5/10 09:19:17 DaemonCore: PERMISSION DENIED to condor_pool@xxxxxxx from
> host <132.225.62.121:3454> for command 81099 (CREDD_GET_PASSWD)

Hmm, well again, the authentication is working fine but permission is
still being denied. You may want to turn on D_SECURITY on the CredD and
try again (this will be really verbose).

Greg
_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

CONFIDENTIAL AND PRIVILEGED INFORMATION NOTICE

This e-mail, and any attachments, may contain information that
is confidential, subject to copyright, or exempt from disclosure.
Any unauthorized review, disclosure, retransmission, 
dissemination or other use of or reliance on this information 
may be unlawful and is strictly prohibited.  

AVIS D'INFORMATION CONFIDENTIELLE ET PRIVILÉGIÉE

Le présent courriel, et toute pièce jointe, peut contenir de 
l'information qui est confidentielle, régie par les droits 
d'auteur, ou interdite de divulgation. Tout examen, 
divulgation, retransmission, diffusion ou autres utilisations 
non autorisées de l'information ou dépendance non autorisée 
envers celle-ci peut être illégale et est strictement interdite.