
Re: [Condor-users] GSI authentication succeeds but authorization fails



> Scott Koranda wrote:
> 
> > 
> > Note that
> > 
> > [root@ldg-portal log]# cat /etc/grid-security/grid-mapfile.condor 
> > "/DC=org/DC=doegrids/OU=People/CN=Scott Koranda 212488" skoranda
> > 
> 
> I think you want to have this in your map file instead:
> 
> "/DC=org/DC=doegrids/OU=People/CN=Scott Koranda 212488" skoranda@xxxxxxxxxxxx
> 
> i.e., the Condor map file desires fully qualified user names (user@domain).

Yep, that's the ticket.

Thanks much,

Scott

> 
> -Todd
> 
> 
> 
> > When, however, I try to tighten up the authorization by setting
> > 
> > ALLOW_READ = skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu 
> > ALLOW_WRITE = skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu
> > 
> > then I as a user with the same GSI proxy credential am not 
> > authorized:
> > 
> > [skoranda@ldg-portal ~]$ /opt/condor/bin/condor_q
> > 
> > -- Failed to fetch ads from: <129.89.61.100:44342> : ldg-portal.phys.uwm.edu
> > 
> > In the SchedLog I see
> > 
> > MyType = ""
> > TargetType = ""
> > Authentication = "YES"
> > Encryption = "YES"
> > Integrity = "YES"
> > AuthMethodsList = "GSI"
> > CryptoMethods = "3DES,BLOWFISH"
> > SessionDuration = "60"
> > Enact = "YES"
> > AuthMethods = "GSI"
> > Subsystem = "TOOL"
> > ServerPid = 20265
> > RemoteVersion = "$CondorVersion: 6.9.4 Aug 30 2007 $"
> > User = "skoranda@xxxxxxxxxxxxxxxxxxxxxxx"
> > Sid = "ldg-portal:20251:1190746878:0"
> > ValidCommands = "60007,60011,1111,457,471"
> > 9/25 14:01:18 (fd:13) (pid:20251) DC_AUTHENTICATE: setting sock->decode()
> > 9/25 14:01:18 (fd:13) (pid:20251) DC_AUTHENTICATE: allowing an empty message for sock.
> > 9/25 14:01:18 (fd:13) (pid:20251) DC_AUTHENTICATE: Success.
> > 9/25 14:01:18 (fd:13) (pid:20251) IPVERIFY: hoststring: ldg-portal.phys.uwm.edu
> > 9/25 14:01:18 (fd:13) (pid:20251) IPVERIFY: hoststring: ldg-portal.phys.uwm.edu
> > 9/25 14:01:19 (fd:13) (pid:20251) IPVERIFY: hoststring: ldg-portal.phys.uwm.edu
> > 9/25 14:01:19 (fd:13) (pid:20251) IPVERIFY: hoststring: ldg-portal.phys.uwm.edu
> > 9/25 14:01:20 (fd:13) (pid:20251) IPVERIFY: hoststring: ldg-portal.phys.uwm.edu
> > 9/25 14:01:20 (fd:13) (pid:20251) IPVERIFY: hoststring: ldg-portal.phys.uwm.edu
> > 9/25 14:01:20 (fd:13) (pid:20251) DaemonCore: PERMISSION DENIED to skoranda@xxxxxxxxxxxxxxxxxxxxxxx from host <129.89.61.100:42079> for command 1111 (QMGMT_CMD)
> > 9/25 14:01:20 (fd:13) (pid:20251) CLOSE <129.89.61.100:44342> fd=12
> > 
> > Why am I not authorized?
> > 
> > Thanks,
> > 
> > Scott
> 
> 
> -- 
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Todd Tannenbaum                       University of Wisconsin-Madison
> Condor Project Research               Department of Computer Sciences
> tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
> Phone: (608) 263-7132                 Madison, WI 53706-1685
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> 
> The archives can be found at: 
> https://lists.cs.wisc.edu/archive/condor-users/
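
The check discussed in this thread, as an added example that is not part of the original messages and is not Condor code: it flags grid-mapfile entries whose mapped name lacks `@domain`, and lists `PERMISSION DENIED` identities from a SchedLog that appear in no `ALLOW_WRITE` entry. The function names, `example.org`, the second map entry and the address `192.0.2.10` are constructed for illustration, and matching is exact on the `user@domain` part with no wildcard handling.

```python
import re
import shlex

# Constructed sample data: example.org stands in for the redacted domain and
# 192.0.2.10 for the host address; neither value comes from the thread.
MAPFILE = '''\
"/DC=org/DC=doegrids/OU=People/CN=Scott Koranda 212488" skoranda
"/DC=org/DC=example/OU=People/CN=Constructed User 1" cuser@example.org
'''
ALLOW_WRITE = "skoranda@example.org/ldg-portal.phys.uwm.edu"
SCHEDLOG = '''\
9/25 14:01:18 (fd:13) (pid:20251) DC_AUTHENTICATE: Success.
9/25 14:01:20 (fd:13) (pid:20251) DaemonCore: PERMISSION DENIED to skoranda@ldg-portal.example.org from host <192.0.2.10:42079> for command 1111 (QMGMT_CMD)
'''

QUALIFIED = re.compile(r"[^@\s]+@[^@\s]+")
DENIED = re.compile(r"PERMISSION DENIED to (\S+) from host <[^>]+> "
                    r"for command (\d+) \((\w+)\)")

def mapfile_problems(text):
    """Return (line number, problem) for entries that are not '"DN" user@domain'."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            parts = shlex.split(line)      # honours the quoted DN
        except ValueError:                 # e.g. an unterminated quote
            parts = []
        if len(parts) != 2:
            problems.append((n, "not a quoted DN followed by one name"))
        elif not QUALIFIED.fullmatch(parts[1]):
            problems.append((n, f"mapped name '{parts[1]}' has no @domain"))
    return problems

def unmatched_denials(log, allow_value):
    """List denied (identity, command) pairs whose identity is in no ALLOW entry.

    Simplification: exact comparison on the user@domain part, no wildcards.
    """
    allowed = {e.split("/", 1)[0] for e in re.split(r"[,\s]+", allow_value) if e}
    hits = (DENIED.search(line) for line in log.splitlines())
    return [(m.group(1), m.group(3)) for m in hits
            if m and m.group(1) not in allowed]

if __name__ == "__main__":
    for n, problem in mapfile_problems(MAPFILE):
        print(f"grid-mapfile line {n}: {problem}")
    for identity, command in unmatched_denials(SCHEDLOG, ALLOW_WRITE):
        print(f"{command} denied: '{identity}' matches no ALLOW_WRITE entry")
```
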