[Condor-users] windows service stop bug with condor_credd

[Alexandre Fayolle <alexandre.fayolle@xxxxxxxxxx>]

Hi,

I'm running a central manager on Windows with credd enabled, and I've noticed 
that I cannot stop the condor service without manually killing the 
condor_credd executable using the windows task manager : the service stays 
alive in "pending shutdown" state until I do so.

I'm running condor 7.4.1 on Windows 2003. All the processes are started as 
local system. The condor config is fairly standard (I used the examples from 
the documentation on for the credd part), the condor_config.local file is 
attached. 

Is this a bug in condor or is there something that I can configure to have 
clean shutdowns of the service?

Thanks for your help. 

-- 
Alexandre Fayolle                              LOGILAB, Paris (France)
Formations Python, Zope, Plone, Debian:  http://www.logilab.fr/formations
Développement logiciel sur mesure:       http://www.logilab.fr/services
Informatique scientifique:               http://www.logilab.fr/science

#ALL_DEBUG               = D_ALL


ADD_WINDOWS_FIREWALL_EXCEPTION = False
WINDOWS_FIREWALL_FAILURE_RETRY = 5

CREDD_HOST=electrabel.pylos.logilab.fr

ALLOW_READ=*/electrabel.pylos.logilab.fr, */electrabel2.pylos.logilab.fr
ALLOW_WRITE=*/electrabel.pylos.logilab.fr, */electrabel2.pylos.logilab.fr
ALLOW_ADMINISTRATOR=*/electrabel.pylos.logilab.fr
ALLOW_CONFIG=*/electrabel.pylos.logilab.fr

######################################################################
##
##  condor_config.credd
##
##  This is the default local configuration file for the machine
##  running the condor_credd.  You should copy this file to the
##  appropriate location and customize it for your needs.  
##
######################################################################

## Note: The following settings will need to be present in your
## global config file:
##
##   CREDD_HOST = ele
## STARTER_ALLOW_RUNAS_OWNER = True
##  CREDD_CACHE_LOCALLY = True
##
## You'll also need to ensure that clients are configured to use
## PASSWORD authentication on any machine that can run jobs as the
## submitting user. For example,
##
## SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
##
## And finally, you'll need to enable CONFIG-level access for all
## machines in the pool so that the pool password can be stored:
##
##   ALLOW_CONFIG = Administrator@*
##   SEC_CONFIG_NEGOTIATION = REQUIRED
##   SEC_CONFIG_AUTHENTICATION = REQUIRED
##   SEC_CONFIG_ENCRYPTION = REQUIRED
##   SEC_CONFIG_INTEGRITY = REQUIRED
##
## See the "Executing Jobs as the Submitting User" section of the
## Condor manual for further details.

## CREDD_SETTINGS

## CREDD logging settings
## Customize these if you wish.
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000

#################################################
## CREDD Expert settings
## Everyting below is for the UBER-KNOWLEDGEABLE only!
## Do not change these unless you know what you do!
#################################################


DAEMON_LIST = $(DAEMON_LIST), CREDD
#DC_DAEMON_LIST = \
#MASTER, STARTD, SCHEDD, KBDD, COLLECTOR, NEGOTIATOR, EVENTD, \
#VIEW_SERVER, CONDOR_VIEW, VIEW_COLLECTOR, HAWKEYE, CREDD, HAD, \
#QUILL

CREDD    = $(SBIN)/condor_credd.exe

# Timeout session quickly since we normally only get contacted
# once per starter
SEC_CREDD_SESSION_TIMEOUT = 10


# Set security settings so that full security to the credd is required
CREDD.SEC_DEFAULT_AUTHENTICATION =REQUIRED
CREDD.SEC_DEFAULT_ENCRYPTION = REQUIRED
CREDD.SEC_DEFAULT_INTEGRITY = REQUIRED
CREDD.SEC_DEFAULT_NEGOTIATION = REQUIRED 

# Require PASSWORD auth for password fetching
CREDD.SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD

# Only honor password fetch requests to the trusted "condor_pool" user
CREDD.ALLOW_DAEMON = condor_pool@$(UID_DOMAIN)

# Require NTSSPI for storing credentials
CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI