[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] Problems with GSI authentication / grid-mapfile
- Date: Thu, 19 Apr 2007 15:29:07 +0200
- From: Jan Ploski <Jan.Ploski@xxxxxxxx>
- Subject: [Condor-users] Problems with GSI authentication / grid-mapfile
I have a remark about GSI authentication and a related question:
I was trying to perform GSI authentication when submitting a job to Condor
6.8.4. I noticed that despite condor_reconfig (and condor_reconfig
-schedd) it ignored the configuration variable GRIDMAP, and that it did
not look in $(GSI_DAEMON_DIRECTORY)/grid-mapfile either (even though
condor_config_val reported correct values for these configuration
variables). Instead, it looked for /opt/condor/.gridmap, which I was only
able to figure out by stracing the condor_schedd process. This caused
failed authentication and produced the error message "Failed to map <DN>
to a local user" in SchedLog. A solution to this problem was to restart
the schedd daemon using condor_off -schedd, condor_on -schedd. The
documentation should definitely mention that this step is necessary. It
would have saved me some debugging hours...
Now to the question: why do I get an error when the Unix user on the
schedd machine is different than the Unix user on the condor_submit
machine? Everything works when I both submit and map my DN to "jploski" in
the grid-mapfile, but not when when I map to "dgws0006". From
condor_submit I then get:
ERROR: Failed to set Owner="jploski" for job 1295.0 (13)
ERROR: Failed to queue job.
and in SchedLog:
4/19 15:20:38 SetAttribute security violation: setting owner to "jploski"
when active owner is "dgws0006"
I expected the job to be simply submitted as user 'dgws0006'. Why doesn't
it work that way?
Best regards -
Dipl.-Inform. (FH) Jan Ploski
Escherweg 2 - 26121 Oldenburg - Germany
Fon: +49 441 9722 - 184 Fax: +49 441 9722 - 202
E-Mail: Jan.Ploski@xxxxxxxx - URL: http://www.offis.de