Mailing List Archives
Public Access
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] SSL + windows
- Date: Thu, 27 Aug 2009 13:26:13 -0500
- From: Zachary Miller <zmiller@xxxxxxxxxxx>
- Subject: Re: [Condor-users] SSL + windows
> However when I run condor_submit I have in the SchedLog on Windows
>
> SetAttribute security violation: setting owner to "administrateur"
> when active owner is "ssl"
you will also need to set up the CERTIFICATE_MAPFILE in order to map
the ssl credentials to actual users. here's the manual entry:
http://www.cs.wisc.edu/condor/manual/v7.1/3_6Security.html#24819
and here's an example:
FS (.*) \1
FS_REMOTE (.*) \1
GSI (.) GSS_ASSIST_GRIDMAP
SSL "^/DC=org/DC=doegrids/OU=People/CN=Zach Miller 139787$" zmiller@xxxxxxxxxxx
SSL (.) GSS_ASSIST_GRIDMAP
KERBEROS (.*) \1
NTSSPI (.*) \1
CLAIMTOBE (.*) nobody
PASSWORD (.*) \1
in the above example, you can see that it maps my subject name explicitly to
the user "zmiller@xxxxxxxxxxx". you will want to map the name to the user who
is submitting the job.
as a side note, it seems you are submitting as the admin user. i'd recommend
submitting as a regular user.
cheers,
-zach