[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Birdbath SSL config problem.



David,

I'm sorry about this, but it looks like 6.8 shipped with incorrect names for the mapfile parameters. The proper names are SEC_CANONICAL/ USER_MAPFILE as you are using, but in the code they are actually CERTIFICATE_MAPFILE and USER_MAPFILE. Please use CERTIFICATE/ USER_MAPFILE for now.

Best,


matt

On Sep 6, 2006, at 1:16 PM, David Braun wrote:

Does anyone have any insight into what is miss configured.
CERTIFICATE_MAPFILE is not set in condor_config.


userfile:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::
(.*) \1
mapfile::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::
.*emailAddress=(.*)@purdue.edu \1

condor_config (part of):::::::::::::::::::::::::::::::::::::::
WEB_ROOT_DIR              = $(RELEASE_DIR)/web
ENABLE_SOAP               = TRUE
ENABLE_WEB_SERVER         = TRUE

SCHEDD_ARGS               = -p 12000

COLLECTOR_SOAP_SSL_PORT   = 1979
SCHEDD_SOAP_SSL_PORT      = 1980
SOAP_SSL_SERVER_KEYFILE   = /opt/condor/certs/keyfile
SOAP_SSL_CA_FILE          = /opt/condor/certs/demoCA/cacert.pem
SCHEDD_ENABLE_SOAP_SSL    = TRUE
COLLECTOR_ENABLE_SOAP_SSL = TRUE
SEC_CANONICAL_MAPFILE     = /opt/condor/mapfile
SEC_USER_MAPFILE          = /opt/condor/userfile

# allow every one access to soap
ALLOW_SOAP                = *
# trust all users and allow them to queue
QUEUE_ALL_USERS_TRUSTED   = TRUE
ENABLE_SOAP_SSL           = TRUE

Log File:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
9/6 14:07:33 Using config source: /opt/condor/etc/condor_config
9/6 14:07:33 Using local config sources:
9/6 14:07:33    /opt/condor/local.kusanagi/condor_config.local
9/6 14:07:33 Running as root.  Enabling specialized core dump routines
9/6 14:07:33 Current Socket bufsize=63k
9/6 14:07:33 Current Socket bufsize=16k
9/6 14:07:33 Reset OS socket buffer size to 127k
9/6 14:07:33 DaemonCore: Command Socket at <128.210.189.162:9618>
9/6 14:07:33 ERROR "DaemonCore: No CERTIFICATE_MAPFILE defined, unable
to identify users, required by ENABLE_SOAP_SSL" at line 1926 in file
daemon_core.C
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at either
https://lists.cs.wisc.edu/archive/condor-users/
http://www.opencondor.org/spaces/viewmailarchive.action?key=CONDOR