[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Kerberos realm mapping problem

Liam Gretton wrote:
I just discovered something else: as far as I can see
CONDOR_SERVER_PRINCIPAL has no effect whatsoever - whatever I set it to,
or if I simply comment it out, Condor attempts to create a principal

Apologies for continuing to reply to myself.

Having spent a good day tearing my hair out trying to get this to work, I went through the Condor source code and have found no reference to CONDOR_SERVER_PRINCIPAL at all. Instead I found the following undocumented configuration settings in condor_auth_kerberos.C:


KERBEROS_SERVER_PRINCIPAL can be set to the explicit principal required, but there's no attempt to create a principal in the way that CONDOR_SERVER_PRINCIPAL is supposed to.

It seems to me that either the Kerberos handling has changed significantly in a recent version, and/or the documentation is in need of updating.


Perhaps I've missed something glaringly obvious, but I can't believe I'm the only person who's had problems getting Kerberos to work when the documentation is so at odds with the implementation?

Liam Gretton                                    L.Gretton@xxxxxxxxxxx
IT Services                                   http://www.lboro.ac.uk/
Loughborough University                       Tel: +44 (0)1509 226048
Leicestershire LE11 3TU
United Kingdom