Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] condor_store_cred not working with Kerberos accounts on Windows
- Date: Fri, 2 Feb 2007 15:53:55 -0800 (PST)
- From: "Joseph D. Kulisics" <kulisics@xxxxxxxxxxxxx>
- Subject: [Condor-users] condor_store_cred not working with Kerberos accounts on Windows
Hi,
I know that this works, because I did all of my early experimenting with
job submissions on a Windows machine, and I had to store my Kerberos
credentials at the time that I used that configuration. Now, I can't get
condor_store_cred to work at all.
Here is my setup. I have an AD server with Windows accounts mapped to
Kerberos principals on a linux server running Kerberos. My Kerberos
realm is CHEM.UCLA.EDU, and my AD domain is windows.chem.ucla.edu. We
create AD accounts with random passwords, and the trust between the AD
domain and windows allows clients to authenticate users with their
Kerberos passwords. In short, the users don't know their password on the
AD server.
Right now, I can use condor_store_cred like this:
condor_store_cred -u testacct@WINDOWS add
and it works fine. (I set the password in AD to something that I knew for
the purpose of testing, but in no other way is this account different than
an ordinary user account.) However, this fails:
condor_store_cred -u testacct@xxxxxxxxxxxxx add
with the error:
Operation failed: bad password.
I've tried probably fifty times, so there is no way that I incorrectly
typed the password. (I had to use it to log into Windows.) In SchedLog on
Windows, I get the error:
Failed to log in testacct@xxxxxxxxxxxxx with err=1326.
I have a central manager configured to allow submissions, and I can use it
to submit jobs to the Windows client as an execute host. I can query the
status of the pool from the Windows client. I just can't seem to get it to
store credentials. Does anyone have a guess as to what could be the
problem? Please, let me know if there is some data that I can submit that
might be helpful. Thanks,
Joseph Kulisics
_____________________________________________________
For the judgement of mankind is as relentless to the weakness that falls
short of a recognized renown, as it is jealous of the arrogance that
aspires higher than its due.
Pericles as quoted by Thucydides,
Book II of his history of the Peloponnesian War