
Re: [Condor-users] 'Could not create new cluster' when using SOAP SSL w/o QUEUE_ALL_USERS_TRUSTED



Are your HOSTALLOW_READ/WRITE as permissive as ALLOW_READ/WRITE?

What does "condor_config_val allow_write" tell you?


matt

On Sep 26, 2006, at 2:51 PM, David E. Konerding wrote:

Hi,

I am proceeding to truly secure, authenticated web service job
submission to Condor.

The latest snag I've hit is this.  I am trying to submit a job with
SOAP/SSL enabled.  I have authenticated
with the web service using my client certificate. However, even though
I have SOAP/SSL enabled,
if I have QUEUE_ALL_USERS_TRUSTED=False, I get 'Could not create new
cluster' when I try to create a new cluster.

From my reading of Erik Paulson's message:

If set to True, then unauthenticated users are
allowed to write to the queue, and also we always trust whatever the
Owner value is set to be by the client in the job ad.

it seems that since I'm coming in as an authenticated user, I should be
able to create a new cluster
without this variable set to True.

My config includes:

NETWORK_INTERFACE = 131.243.2.15
CONDOR_HOST=oliver.lbl.gov
ENABLE_SOAP=TRUE
ENABLE_WEB_SERVER = TRUE
ALLOW_SOAP= */131.243.2.255
WEB_ROOT_DIR = /home/portnoy/dsd/Linux/condor/condor-6.8.1/lib/webservice
ALLOW_WRITE=* ## this needs to be tightened
#QUEUE_ALL_USERS_TRUSTED=TRUE ## this is required for people to submit jobs via http but not https
COLLECTOR_SOAP_SSL_PORT=9619
SOAP_SSL_SERVER_KEYFILE = /var/condor/condor-6.8.1/private/key
SOAP_SSL_CA_DIR = /etc/condor/certificates
## condor-6.8.1 misnamed these two files
CERTIFICATE_MAPFILE     = /etc/condor/canonical_map
USER_MAPFILE    = /etc/condor/user_map
SEC_CANONICAL_MAPFILE   = /etc/condor/canonical_map
SEC_USER_MAPFILE        = /etc/condor/user_map
ENABLE_SOAP_SSL = TRUE

