In the context of submitting jobs to a remote schedd, I noticed
that SEC_DEFAULT_AUTHENTICATION_METHODS on both submit host and
remote host (i.e. in the config_file that remote schedd is
referencing) have to be exactly the same; otherwise, I would get the
following error messages upon submission:
ERROR: Failed to connect to queue manager agrd0926_24240@xxxxxxxxxxxxxxxxxxxxx
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using ...
Why is it designed so? Intuitively, if the SEC_ macro on submit host
is defined to be, say, FS:
<submit host>
SEC_DEFAULT_AUTHENTICATION_METHODS = FS
And, even if the macro defined on the remote host is not exactly the
same but is a "superset" of what's defined on submit host:
<remote host>
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, REMOTE_FS, GSI
Shouldn't it be also working since they both provide file system
authentication?
If the remote host doesn't define any SEC_ macros (i.e. all security
features are not defined), then does it imply that the
SEC_DEFAULT_AUTHENTICATION_METHODS on submit host should point to
FS, KERBEROS, GSI to allow schedd authentication process to work
(since these three values are Condor's default if nothing is defined)?
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}