
Re: [HTCondor-users] Simulating HTCondor's delegation of a proxy (fwd)



On Sep 17, 2013, at 9:40 AM, Steven Timm <timm@xxxxxxxx> wrote:

> 
> I am trying to debug a situation where the condor pool
> is running with GSI authentication, and DELEGATE_JOB_GSI_CREDENTIALS
> is at its default value of TRUE.
> 
> At submission each user typically has an X.509 proxy (legacy format) with a DN like:
> 
> /DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=gpsn01.fnal.gov/CN=cron/CN=Steven C. Timm/CN=UID:timm/CN=proxy
> 
> At execution condor does a second delegation such that we are then dealing with
> 
> /DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=gpsn01.fnal.gov/CN=cron/CN=Steven C. Timm/CN=UID:timm/CN=proxy/CN=proxy
> 
> and it is this double-delegated proxy which is failing to authenticate
> with the resource.
> 
> My question: is there any way to delegate the proxy using the same method
> that condor does so as to reliably reproduce such a proxy without having
> to steal it off of a worker node from a running job every time?
> 

Hi Steve,

What about doing a remote submit (or maybe just a local submit with spooling)?  That ought to trigger the file transfer code, which is what delegates the proxy.

Brian
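
When comparing the proxy produced by a test submit against the one seen on the worker node, it helps to measure the delegation depth from the subject DN. The following is an added example, not part of the original thread or of HTCondor: it assumes legacy-format proxies (each delegation appends `CN=proxy` or `CN=limited proxy`) and DNs in OpenSSL one-line form, and the function names are hypothetical.

```python
import re

# Legacy (pre-RFC 3820) Globus proxies append one of these CNs per delegation.
LEGACY_PROXY_CNS = {"proxy", "limited proxy"}

# Split only on a "/" that starts a new "TYPE=" component, so a "/" inside
# a value does not break the DN apart.
_RDN_SPLIT = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.]*=)")


def split_dn(dn):
    """Return the DN as a list of (type, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("expected an OpenSSL one-line DN starting with '/'")
    parts = []
    for rdn in _RDN_SPLIT.split(dn)[1:]:
        key, _, value = rdn.partition("=")
        parts.append((key, value))
    return parts


def legacy_delegation_info(dn):
    """Strip trailing legacy proxy CNs; report base identity and depth."""
    rdns = split_dn(dn)
    depth = 0
    limited = False
    while rdns and rdns[-1][0].upper() == "CN" and rdns[-1][1] in LEGACY_PROXY_CNS:
        limited = limited or rdns[-1][1] == "limited proxy"
        rdns.pop()
        depth += 1
    identity = "".join("/%s=%s" % kv for kv in rdns)
    return {"identity": identity, "depth": depth, "limited": limited}


def same_identity(dn_a, dn_b):
    """True when both proxy DNs chain back to the same base subject."""
    return (legacy_delegation_info(dn_a)["identity"]
            == legacy_delegation_info(dn_b)["identity"])


if __name__ == "__main__":
    # The two subject DNs quoted in the post above.
    base = ("/DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=gpsn01.fnal.gov"
            "/CN=cron/CN=Steven C. Timm/CN=UID:timm")
    for dn in (base + "/CN=proxy", base + "/CN=proxy/CN=proxy"):
        print(legacy_delegation_info(dn))
```

A depth of 2 with the same base identity confirms that a reproduced proxy matches the double-delegated one from the execute side.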