
[Condor-users] SSL help




I am trying to set up an SSL authentication with condor, and I am having a difficult time figuring out the error messages. There appears to be an error with the SSL library, but I am guessing it has to do with generating the keys. I am using a multi-level approach and acceptable hash (md5) and encryption methods (des3).

My Condor testing pool consists of 3 machines and all Windows XP. I am using release 7.4.

The possible source of error could be one of the following (or maybe something else):
config files
mapfile (format)
generation of keys (using openssl and python)

I generated RSA certificates using md5 hash. I have a CA-root, CA-signing, and host paired keys. I am using the common name in the key to assign the host name. Because I am new to all this, I am pretty clueless as to what my error may be related to. Below is a subset of my configuration files and the negotiatorlog file. Essentially the negotiator and scheduler daemons die as soon as the machine is booted or the service is restarted. The master daemon does not die.



#Global config settings
SEC_DEFAULT_AUTHENTICATION = REQUIRED  
SEC_DEFAULT_AUTHENTICATION_METHODS = SSL

SEC_DEFAULT_INTEGRITY = REQUIRED  
SEC_DEFAULT_NEGOTIATION = REQUIRE

SEC_DEFAULT_ENCRYPTION = REQUIRED
SEC_DEFAULT_INTEGRITY_METHODS = MD5
SEC_DEFAULT_ENCRYPTION_METHODS = 3DES

CERTIFICATE_MAPFILE = Path\Condor_mapfile.txt
#Mapfile looks like this:
#SSL (.*) \1



#Local config settings
### SSL key/cert multi-level authentication.
AUTH_SSL_CLIENT_CADIR = Path\Server
AUTH_SSL_CLIENT_CERTFILE = Path\MachineName.cert
AUTH_SSL_CLIENT_KEYFILE = Path\MachineName.key
#
AUTH_SSL_SERVER_CADIR = Path\Server
AUTH_SSL_SERVER_CERTFILE = Path\MachineName.cert
AUTH_SSL_SERVER_KEYFILE = Path\MachineName.key



NegotiatorLog
01/26 15:40:11 Trying to connect.
01/26 15:40:11 SSL: trying to continue reading.
01/26 15:40:11 Trying to connect.
01/26 15:40:11 SSL: trying to continue reading.
01/26 15:40:11 Receive message.
01/26 15:40:11 Trying to connect.
01/26 15:40:11 SSL: library failure.  see error queue?
01/26 15:40:11 SSL Authentication failed
01/26 15:40:11 AUTHENTICATE: no available authentication methods succeeded, failing!
01/26 15:40:11 ERROR: SECMAN:2004:Failed to create security session to <159.189.162.73:1052> with TCP.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SSL
01/26 15:40:11 Failed to send alive to <159.189.162.73:1052>, will try again...
01/26 15:40:16 Trying to connect.
01/26 15:40:16 SSL: trying to continue reading.
01/26 15:40:16 Trying to connect.
01/26 15:40:16 SSL: trying to continue reading.
01/26 15:40:16 Receive message.
01/26 15:40:16 Trying to connect.
01/26 15:40:16 SSL: library failure.  see error queue?
01/26 15:40:16 SSL Authentication failed
01/26 15:40:16 AUTHENTICATE: no available authentication methods succeeded, failing!
01/26 15:40:16 ERROR: SECMAN:2004:Failed to create security session to <159.189.162.73:1052> with TCP.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SSL
01/26 15:40:16 Failed to send alive to <159.189.162.73:1052>, will try again...
01/26 15:40:21 Trying to connect.
01/26 15:40:21 SSL: trying to continue reading.
01/26 15:40:21 Trying to connect.
01/26 15:40:21 SSL: trying to continue reading.
01/26 15:40:21 Receive message.
01/26 15:40:21 Trying to connect.
01/26 15:40:21 SSL: library failure.  see error queue?
01/26 15:40:21 SSL Authentication failed
01/26 15:40:21 AUTHENTICATE: no available authentication methods succeeded, failing!
01/26 15:40:21 ERROR: SECMAN:2004:Failed to create security session to <159.189.162.73:1052> with TCP.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SSL
01/26 15:40:21 ERROR "FAILED TO SEND INITIAL KEEP ALIVE TO OUR PARENT <159.189.162.73:1052>" at line 9310 in file ..\src\condor_daemon_core.V6\daemon_core.cpp


Thank you for your help,
Mike
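
Added example (not part of the original post, and not Condor code): a Python sketch for triaging a NegotiatorLog like the one above. It splits each `ERROR:` line's `|`-separated error stack into frames, counts SSL library failures and affected peers, and picks out the fatal daemon_core exit. The sample lines are taken from the log in the post; the function names and regular expressions are this example's own.

```python
import re
from collections import Counter

# Sample input: lines taken from the NegotiatorLog excerpt in the post.
SAMPLE_LOG = r"""01/26 15:40:11 SSL: library failure.  see error queue?
01/26 15:40:11 ERROR: SECMAN:2004:Failed to create security session to <159.189.162.73:1052> with TCP.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SSL
01/26 15:40:16 SSL: library failure.  see error queue?
01/26 15:40:16 ERROR: SECMAN:2004:Failed to create security session to <159.189.162.73:1052> with TCP.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SSL
01/26 15:40:21 ERROR "FAILED TO SEND INITIAL KEEP ALIVE TO OUR PARENT <159.189.162.73:1052>" at line 9310 in file ..\src\condor_daemon_core.V6\daemon_core.cpp
"""

LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (.*)$")       # timestamp, message
FRAME = re.compile(r"^([A-Z_]+):(\d+):(.*)$")                 # SUBSYS:code:text
PEER = re.compile(r"<(\d{1,3}(?:\.\d{1,3}){3}):(\d+)>")       # <ip:port>

def parse_error_stack(message):
    """Split 'SUBSYS:code:text|SUBSYS:code:text' into (subsys, code, text) frames."""
    frames = []
    for part in message.split("|"):
        m = FRAME.match(part.strip())
        if m:
            frames.append((m.group(1), int(m.group(2)), m.group(3).strip()))
    return frames

def summarize(log_text):
    # Tally handshake failures, error-stack frames and peers; record the fatal exit.
    out = {"tls_library_failures": 0, "frames": Counter(), "peers": Counter(),
           "failed_methods": set(), "fatal": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if msg.startswith("SSL: library failure"):
            out["tls_library_failures"] += 1
        elif msg.startswith("ERROR: "):
            for subsys, code, text in parse_error_stack(msg[len("ERROR: "):]):
                out["frames"][(subsys, code)] += 1
                out["peers"].update(":".join(p) for p in PEER.findall(text))
                meth = re.search(r"authenticate using (\w+)$", text)
                if meth:
                    out["failed_methods"].add(meth.group(1))
        elif msg.startswith('ERROR "'):
            out["fatal"] = (ts, msg.split('"')[1])
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```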