[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] Authentication: username conflict with mapped name

Hi all,

I have recently expanded our authentication methods with the intent of
allowing remote users to submit jobs to our infrastructure. We want to
use GSI authentication to identify users distinctly regardless of where
they are submitting from.

First experiments have revealed a problem, though: condor always
attempts to set the owner of a job to the username with which the job
was submitted, not the mapped username. If the two do not match, the
submit will fail.
For example, if I submit from my own computer, my username there is
MaxFischer which matches the mapped name and the submit succeeds. If
however I try to submit from our institute resources, my username there
is mfischer which causes a mismatch [1] and denies submit rights.

This complicates or outright prevents many use-cases we'd really, really
like to have!

Ideally, I'd like to completely disable Condor's mapping to the submit
user name and have it use the mapped name only. Alternatively, if users
could tell Condor what username they want to use (either through the
config or a command), that would work as well. Is this possible in any way?

Thanks in advance,

[1] ScheddLog
SetAttribute security violation: setting owner to "mfischer" when active
owner is "MaxFischer"