[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] server authorization in condor-g


I just tried to submit jobs using condor-g (v7.1.3) to a GT server
(4.1.1) that runs with a user proxy, and not with "real" host
credentials. I'm getting the following exception in the Gridmanager log:

10/27 15:02:06 [22571] GAHP[22573] (stderr) ->  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
10/27 15:02:06 [22571] GAHP[22573] (stderr) ->  faultSubcode:
10/27 15:02:06 [22571] GAHP[22573] (stderr) -> faultString: org.globus.common.ChainedIOException: Authentication failed [Caused by: Operation unauthorized (Mechanism level: Authorization failed. Expected &quot;/CN=host/<HOST_NAME>&quot; target but received &quot;/DC=org/DC=.../OU=.../CN=...&quot;)]

I didn't find anything in the documentation about this, but a glance
at the Gahp code from (v1.7.0) seems to indicate that only
HostAuthorization can be used, but i might be wrong, and it might have
changed in the meantime.

Is there a way to e.g. specify a DN in the condor-g job description so
that IdentityAuthorization instead of HostAuthorization is used in all
calls to a server?

Thanks, Martin