[Condor-users] credentials issue .. until putting CREDD on that host briefly.

[Steve Shaw <steveshaw89@xxxxxxxxxxx>]

Hey all, I have been having an ongoing weird issue with Condor related to credentials as in my previous post and am still hoping somebody out there has an inkling as to what is happening (using 7.0.4) This is the scenario. Machine A has CREDD, SCHEDD and STARTD on it Machine B has SCHEDD and STARTD on it Machine C has SCHEDD and STARTD on it I'm running jobs with run_as_owner (and with CREDD_CACHE_LOCALLY set to true as well as STARTER_ALLOW_RUN_AS_OWNER set to true) If I do a condor_store_cred add and add my username@DOMAIN, I can successfully query from any machine for that username. But to start, if I do a condor_submit from Machine B or Machine C, then I will get a failure: ShadowLog (of submitter): 7/29 18:51:48 (1.0) (1816): condor_read(): recv() returned -1, errno = 10054, assuming failure reading 5 bytes from . 7/29 18:51:48 (1.0) (1816): IO: Failed to read packet header 7/29 18:51:48 (1.0) (1816): ERROR: Could not locate valid credential for user 'steveshaw89@XYCANADA' 7/29 18:51:48 (1.0) (1816): init_user_ids() failed! Schedlog reports something similar... CredLog: 7/29 21:04:48 DaemonCore: Command received via TCP from host , access level DAEMON 7/29 21:04:48 DaemonCore: received command 81099 (CREDD_GET_PASSWD), calling handler (get_passwd_handler) However, if I then, take Machine B and put the CREDD on it, then I can now successfully communicate between Machine A and Machine B, but Machine C will keep the same failures. But if I then move the CREDD to Machine C, I can now successfully send jobs from A,B or C and have it received by A, B, or C. Then I can put the CREDD on any machine and everything works great. They all communicate with eachother a-ok. Note that the only settings that I changed on all 3 machines to get them to work was the DAEMON_LIST and the CREDD_HOST. Anybody know why this behaviour might be occurring? So, now I can add machines to my network by installing, configuring, briefly adding the CREDD to them and then relinquishing the CREDD from it. There may very well be something that I haven't configured properly as I did not change the authentication from what is there at default (which is the old HOSTALLOW, etc. configurations -- maybe I need to start using ALLOW?), though through reading all the docs, if I don't want/need any authentication, etc. then it didn't appear that I needed to make any changes in addition to the few changes I made. Any help is appreciated greatly, of course :) Steve

---