Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] condor_q -analyze & kerberos
- Date: Fri, 16 Jan 2009 21:34:27 -0600 (CST)
- From: Steven Timm <timm@xxxxxxxx>
- Subject: Re: [Condor-users] condor_q -analyze & kerberos
On Fri, 16 Jan 2009, Lee Damon wrote:
My condor pool is set up with the goal that users who authenticated to a
system (by logging in) do not need to have a kerberos ticket to interact
with condor but where the systems themselves need one to talk with each
other (so boxes I don't control can't just join the pool).
Without a kerberos ticket jobs are submitted fine. condor_q shows them
just fine. However, when a user runs condor_q -better they get back:
Error: Could not fetch startd ads
setting
SEC_CLIENT_AUTHENTICATION = OPTIONAL
SEC_READ_AUTHENTICATION = OPTIONAL
should let you do condor_q -better without a kerberos principal.
If that doesn't work then
export _CONDOR_TOOL_DEBUG=D_ALL
condor_q -debug -better ....
and see what authentication is going on and why it is failing.
(maybe could get by with D_SECURITY and not D_ALL).
Steve Timm
If the user gets a kerberos ticket they get actual output from condor_q
-better. It would be preferred if the user never had to get a kerberos
ticket to interact with condor (submitting, queuing, killing, querying,
etc).
All of the systems are running with the following settings:
; condor_config_val SEC_DEFAULT_AUTHENTICATION_METHODS
FS, KERBEROS
; condor_config_val SCHEDD.SEC_DEFAULT_AUTHENTICATION_METHODS
FS, KERBEROS
; condor_config_val TOOL.SEC_DEFAULT_AUTHENTICATION_METHODS
FS, KERBEROS
; condor_config_val COLLECTOR.SEC_DEFAULT_AUTHENTICATION_METHODS
FS, KERBEROS
Any hints on what I should be looking at to change the unwanted behavior
would be appreciated.
thanks,
nomad
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
--
------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
timm@xxxxxxxx http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.