[Condor-users] Questions on SEC_<context>_<feature> macros

["Barnett P. Chiu" <thiaoouban@xxxxxxxxx>]

Hi, 

    In the context of submitting jobs to a remote schedd, I noticed that SEC_DEFAULT_AUTHENTICATION_METHODS on both submit host and remote host (i.e. in the config_file that remote schedd is referencing) have to be exactly the same; otherwise, I would get the following error messages upon submission: 

ERROR: Failed to connect to queue manager agrd0926_24240@xxxxxxxxxxxxxxxxxxxxx
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using ... 

Why is it designed so? Intuitively, if the SEC_ macro on submit host is defined to be, say, FS: 

<submit host> 
SEC_DEFAULT_AUTHENTICATION_METHODS = FS

And, even if the macro defined on the remote host is not exactly the same but is a "superset" of what's defined on submit host: 

<remote host> 
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, REMOTE_FS, GSI 

Shouldn't it be also working since they both
 provide file system authentication? 

If the remote host doesn't define any SEC_ macros (i.e. all security features are not defined), then does it imply that the SEC_DEFAULT_AUTHENTICATION_METHODS on submit host should point to 
FS, KERBEROS, GSI to allow schedd authentication process to work (since these three values are Condor's default if nothing is defined)? 

Thank you, 

~Barnett

---

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.