
[HTCondor-users] SSL Certificate -> User Mapping Issue



Hello,

I think I've been staring at this too long and the problem, most likely,
exists between keyboard and chair.

I'm building an HTCondor cluster with SSL authentication across the nodes
but I seem to have trouble with the certificate -> user mapping.

My configuration has

GRIDMAP = /etc/condor/wma_gridmap
CERTIFICATE_MAPFILE = /etc/condor/wma_unified_map

which are real files.  I checked for typos in the path first.  In cert
map I have:

SSL (.) GSS_ASSIST_GRIDMAP

and have tried:

SSL (.*) GSS_ASSIST_GRIDMAP

The rest of the file is defaults as per the manual (§3.6.4), which, if I
read it correctly, should map back to GRIDMAP.  In the grid map file I
have, for example,

"/C=AU/ST=New South Wales/O=WMA Water/CN=htc-controller@xxxxxxxxxxxxxxx" condor@xxxxxxxxxxxxxxx

However, I get permission denied; the indicative errors that I'm
seeing are:

PERMISSION DENIED to GSS_ASSIST_GRIDMAP@xxxxxxxxxxxxxxx

It seems to me that GSS_ASSIST_GRIDMAP is not mapping to GRIDMAP and
hence matching my certificates to users.  Rather it is being treated as
a user in and of itself.

I can get around this by adding:

SSL "^/C=AU/ST=New South Wales/O=WMA Water/CN=htc-controller@xxxxxxxxxxxxxxx$" condor@xxxxxxxxxxxxxxx

to the CERTIFICATE_MAP but this seems to defeat the purpose of
GSS_ASSIST_GRIDMAP.  The above line must be before the GSS_ASSIST_LINE
to work though.

Is there something obvious that I've missed?

Thanks in advance,
-pete

-- 
Peter Brady
Email: pdbrady@xxxxxxxxxx
Skype: pbrady77
