Re: [Condor-users] job submission fails with SSL in 6.8.4



> C:\>condor_submit host.sub
> 
> Submitting job(s)
> ERROR: Failed to set Owner="smithic" for job 5.0 (0)
> 
> ERROR: Failed to queue job.

first, let me apologize for the lack of documentation.

the reason it is failing is because condor doesn't know that your ssl
credentials should be the user 'smithic'.  so what you need here is a way to
map the subject of your SSL certificate to a particular user, in this case
'smithic'.

to do this, you need to define CERTIFICATE_MAPFILE in your condor_config to
point to a file that does the mappings.  the file format is simple.  one line
is a rule.  each rule has three columns:
  AUTHMETHOD   REGEX   USERNAME

in your case, you'll want:

SSL  (.*)  smithic


the forthcoming 6.9.2 manual has some rudimentary documentation
on this, which can be found here:
  http://www.cs.wisc.edu/condor/manual/v6.9.2/3_6Security.html#21555


note that the above example will map all users to 'smithic'.  you
may need to have several rules if you want different users, or use
a RegEx to extract the username from the certificate subject, if
it is the same as in the password file.


SSL   /C=US/ST=Wisconsin/L=Madison/O=Condor/CN=zachskey  zmiller
SSL   /C=US/ST=Wisconsin/L=Madison/O=Condor/CN=ianskey   smithic
SSL   /C=US/ST=Wisconsin/L=Madison/O=Condor/CN=(.*)      \1


again, sorry for the lack of documentation... i am working on it.
in the meantime, please feel free to ask more questions, as my
answers will likely become the documentation.  also, i dislike
the name 'CERTIFICATE_MAPFILE' and was hoping to change it before
this got officially released, so be prepared for all of this changing
slightly in the future.


cheers,
-zach
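
Added example (not part of the original message and not Condor's own code): a small Python sketch of how a three-column map file like the ones above resolves a certificate subject to a user, showing that the catch-all rule maps any subject to 'smithic' while the per-user rules do not. It assumes whitespace-separated columns, top-to-bottom evaluation with the first match winning, and an unanchored regex search; the certificate subjects used to exercise it are constructed.

```python
import re

# Rules quoted in the message above. "\\1" is the Python spelling of \1.
CATCH_ALL = "SSL  (.*)  smithic\n"
PER_USER = """\
SSL   /C=US/ST=Wisconsin/L=Madison/O=Condor/CN=zachskey  zmiller
SSL   /C=US/ST=Wisconsin/L=Madison/O=Condor/CN=ianskey   smithic
SSL   /C=US/ST=Wisconsin/L=Madison/O=Condor/CN=(.*)      \\1
"""


def parse_mapfile(text):
    """Return a list of (method, compiled_regex, username_template) rules.

    Assumption: columns are separated by whitespace, so the regex itself
    contains no spaces. Blank lines and '#' comment lines are skipped.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        method, pattern, user = line.split(None, 2)
        rules.append((method.upper(), re.compile(pattern), user.strip()))
    return rules


def map_identity(rules, method, subject):
    """Map an authenticated identity to a user name, or None if no rule fits.

    Assumptions: rules are tried top to bottom, the first match wins, and
    the regex is searched for anywhere in the subject (unanchored).
    """
    for rule_method, regex, template in rules:
        if rule_method != method.upper():
            continue
        m = regex.search(subject)
        if m:
            return m.expand(template)  # \1 becomes the captured text
    return None


if __name__ == "__main__":
    base = "/C=US/ST=Wisconsin/L=Madison/O=Condor/CN="
    subjects = [base + "zachskey", base + "alice",
                "/C=US/ST=Wisconsin/L=Madison/O=Other/CN=bob"]  # constructed
    for name, text in (("catch-all", CATCH_ALL), ("per-user", PER_USER)):
        rules = parse_mapfile(text)
        for s in subjects:
            print(name, s, "->", map_identity(rules, "SSL", s))
```
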