
Re: [HTCondor-users] authorization troubles



Thanks for the hint. In the meantime, Brian has already helped me out
with this issue.

Solution: when I map to the FQU from a Kerberos principal, instead of
mapping to the complete FQU (user@domain/host) I have to construct
only the user@domain part, because the /host part will be filled out
by Condor.

2014-07-25 1:12 GMT+02:00 John (TJ) Knoeller <johnkn@xxxxxxxxxxx>:
> It would be helpful to know what the 'full reason' was.  Try scanning back
> in the log to the daemon startup banner, then forward until you see the
> first PERMISSION DENIED error.  The reason indicated there will be much
> more detailed.
>
>
> On 7/22/2014 6:31 AM, Pek Daniel wrote:
>>
>> Hi,
>>
>> Something is wrong in my authorization rule, and I can't figure out what:
>>
>> SCHEDD.ALLOW_WRITE = *@foo.bar/*.foo.bar
>>
>> then I get this:
>> PERMISSION DENIED to condor@xxxxxxx/bla.foo.bar from host
>> xxx.xxx.xxx.xxx for command 1112 (QMGMT_WRITE_CMD), access level
>> WRITE: reason: cached result for WRITE; see first case for the full
>> reason
>>
>> then I change the rule:
>> SCHEDD.ALLOW_WRITE = *@*/*.foo.bar # omitting the @foo.bar part
>>
>> And tadaam, it works.
>>
>> Can somebody explain why *@*/*.foo.bar matches
>> condor@xxxxxxx/bla.foo.bar, but *@foo.bar/*.foo.bar doesn't?
>>
>> Thanks,
>> Daniel
>> _______________________________________________
>> HTCondor-users mailing list
>> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
>> subject: Unsubscribe
>> You can also unsubscribe by visiting
>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>
>> The archives can be found at:
>> https://lists.cs.wisc.edu/archive/htcondor-users/