Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Using authentication

Zach,

I appreciate your comment but there is a reason I can not implement FS authentication. As the cluster expands it will include Windows hosts and I understand that FS is not possible with them.

Do you have any insight into what the error message means?

I would really like to have this cluster working so I can offer it as an option.  Our company is creating a new process to extract elevation data from stereo satellite photos and I believe having a cluster would offload users manually dealing with schedualing processes. Right now, I just need authentication of some type to work.  Unfortunately when I read the chapter on Security the conceptual sections make sense but something I have or have not done in teh application of the authentication obvioulsy does not work. 

Regards,

Hugh



On Thu, Jun 20, 2013 at 7:05 AM, Zachary Miller <zmiller@xxxxxxxxxxx> wrote:
> Searching the local and general config files did not give me a clear idea of
> where the authentication methods were being set.   From the web documentation I
> tried to setup simple PASSWORD authentication.

PASSWORD authentication is great for authenticating daemon-to-daemon
communication, but it can't (well, shouldn't) be used for authenticating
users and job submissions.

In your config:

> SEC_DEFAULT_AUTHENTICATION_METHODS = PASSWORD

...you are using PASSWORD for all communication.  My suggestion would be to
also add FS to the list for authenticating users:

        SEC_DEFAULT_AUTHENTICATION_METHODS = FS, PASSWORD
        SEC_PASSWORD_FILE = /etc/condor/pool
        SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD
        ALLOW_DAEMON = condor_pool@$(UID_DOMAIN)/*.my.domain, \
                                   condor@$(UID_DOMAIN)/$(IP_ADDRESS)
        ALLOW_NEGOTIATOR = condor_pool@$(UID_DOMAIN)/oracle1.my.domain
        ALLOW_ADVERTISE_STARTD = condor_pool@$(UID_DOMAIN)/*.my.domain


Let me know if you are still having trouble with that configuration.


Cheers,
-zach

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/