
[Condor-users] Understanding Credd



Hello again,

Due to the lack of response to my first post I figured that what I was trying to do simply wasn't a good solution to our problems here. So I've decided that boot-strapping any renders with a Java universe job is an altogether easier way of going about getting things moving equally on Windows and Linux.
So jobs can run which is great but now I'm faced with the task of having jobs run as the submitting user so as to be able to access network shares from the running job.

I'm struggling to grasp the configuration of Credd and how to actually get this working. I don't know if I'm having a slow brain day or not but would someone correct me here where I'm wrong? :) I'm trying to get Linux working before Windows.

Only one machine runs Credd?
For each execute/submit node, CREDD_HOST should be set to the FQDN of the machine running credd?

My condor_config.local has these lines added:
STARTER_ALLOW_RUNAS_OWNER=true
SEC_PASSWORD_FILE=/condor/etc/passwd # generated with condor_store_cred -f and exists on both machines
CREDD_HOST=$(CONDOR_HOST) # which is the machine running credd
SEC_CLIENT_AUTHENTICATION_METHODS=PASSWORD

When I restart condor on the two machines and try to submit a job I get:
Submitting job(s)
ERROR: Failed to connect to local queue manager
AUTHENTICATE:1003:Failed to authenticate with any method

Output into ScheddLog:
10/24 15:21:36 (pid:17521) AUTHENTICATE: no available authentication methods succeeded, failing!
10/24 15:21:36 (pid:17521) SCHEDD: authentication failed: AUTHENTICATE:1003:Failed to authenticate with any method

So then when I try this again but also run Credd on both nodes I get the same results. I imagined that Linux wouldn't need a credd daemon to run jobs as the submitting user if it ran as root, however this hasn't been the case as all of my jobs were reporting the user as 'nobody'. Is this a side effect of the Java universe?

I suppose it's also worth mentioning that we use LDAP on the Linux side. Does that affect this?

Thanks,
Chip