Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] condor_q -analyze & kerberos
- Date: Wed, 21 Jan 2009 13:31:45 -0800
- From: Lee Damon <nomad@xxxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Condor-users] condor_q -analyze & kerberos
Steven Timm wrote:
>>> SEC_CLIENT_AUTHENTICATION = OPTIONAL
>>> SEC_READ_AUTHENTICATION = OPTIONAL
Much to my sadness, these settings didn't help. I've got them set on
both the submitting host and on the collector/negotiator host. Here's
the output of a condor_q -debug -better with _CONDOR_TOOL_DEBUG set to
D_SECURITY. As far as I can tell it's completely ignoring the OPTIONAL
setting.
1/21 13:25:08 KEYCACHE: created: 0x8e962d0
1/21 13:25:08 STARTCOMMAND: starting 5 to <128.208.232.229:9618> on TCP
port 36658.
1/21 13:25:08 SECMAN: command 5 to <128.208.232.229:9618> on TCP port
36658 (blocking).
1/21 13:25:08 SECMAN: new session, doing initial authentication.
1/21 13:25:08 SECMAN: Auth methods: FS,KERBEROS
1/21 13:25:08 HANDSHAKE: in handshake(my_methods = 'FS,KERBEROS')
1/21 13:25:08 HANDSHAKE: handshake() - i am the client
1/21 13:25:08 HANDSHAKE: sending (methods == 68) to server
1/21 13:25:08 HANDSHAKE: server replied (method = 4)
1/21 13:25:08 AUTHENTICATE_FS: used dir /tmp/FS_XXXR7HXWg, status: 0
1/21 13:25:08 AUTHENTICATE: method 4 (FS) failed.
1/21 13:25:08 HANDSHAKE: in handshake(my_methods = 'KERBEROS')
1/21 13:25:08 HANDSHAKE: handshake() - i am the client
1/21 13:25:08 HANDSHAKE: sending (methods == 64) to server
1/21 13:25:08 HANDSHAKE: server replied (method = 64)
1/21 13:25:08 KERBEROS: krb5_unparse_name:
host/flock09.ee.washington.edu@xxxxxxxxxxxxxxxxx
1/21 13:25:08 KERBEROS: no user yet determined, will grab up to slash
1/21 13:25:08 KERBEROS: picked user: host
1/21 13:25:08 KERBEROS: remapping 'host' to 'condor'
1/21 13:25:08 unable to open map file (null), errno 2
1/21 13:25:08 Client is condor@(null)
1/21 13:25:08 KERBEROS: Server principal is
host/flock09.ee.washington.edu@xxxxxxxxxxxxxxxxx
1/21 13:25:08 Acquiring credential for user
1/21 13:25:08 KERBEROS: No credentials cache found
1/21 13:25:08 AUTHENTICATE: method 64 (KERBEROS) failed.
1/21 13:25:08 HANDSHAKE: in handshake(my_methods = '')
1/21 13:25:08 HANDSHAKE: handshake() - i am the client
1/21 13:25:08 HANDSHAKE: sending (methods == 0) to server
1/21 13:25:08 HANDSHAKE: server replied (method = 0)
1/21 13:25:08 AUTHENTICATE: no available authentication methods
succeeded, failing!
1/21 13:25:08 ERROR: AUTHENTICATE:1003:Failed to authenticate with any
method|AUTHENTICATE:1004:Failed to authenticate using
KERBEROS|AUTHENTICATE:1004:Failed to authenticate using FS
Error: Could not fetch startd ads
I'm hoping I'm just doing something bogus here.
nomad