
Re: [HTCondor-users] authorization troubles



Probably the HTCondor bug in all of this is the fact that Daniel was able to set the domain as "domain/host" (as in unl.edu/foo.unl.edu).  Shouldn't HTCondor disallow domains with a "/" character?

Brian

On Jul 24, 2014, at 6:31 PM, Pek Daniel <pekdaniel@xxxxxxxxx> wrote:

> Thanks for the hint. In the meantime, Brian has already helped me out
> with this issue.
> 
> Solution: when I map to the FQU from a Kerberos principal, instead of
> mapping to the complete FQU (user@domain/host) I have to construct
> only the user@domain part, because the /host part will be filled out
> by Condor.
> 
> 2014-07-25 1:12 GMT+02:00 John (TJ) Knoeller <johnkn@xxxxxxxxxxx>:
>> It would be helpful to know what the 'full reason' was.  Try scanning back
>> in the log to the daemon startup banner, then forward until you see the
>> first PERMISSION DENIED error.  The reason indicated there will be much
>> more detailed.
>> 
>> 
>> On 7/22/2014 6:31 AM, Pek Daniel wrote:
>>> 
>>> Hi,
>>> 
>>> Something is wrong in my authorization rule, and I can't figure out what:
>>> 
>>> SCHEDD.ALLOW_WRITE = *@foo.bar/*.foo.bar
>>> 
>>> then I get this:
>>> PERMISSION DENIED to condor@xxxxxxx/bla.foo.bar from host
>>> xxx.xxx.xxx.xxx for command 1112 (QMGMT_WRITE_CMD), access level
>>> WRITE: reason: cached result for WRITE; see first case for the full
>>> reason
>>> 
>>> then I change the rule:
>>> SCHEDD.ALLOW_WRITE = *@*/*.foo.bar # omitting the @foo.bar part
>>> 
>>> And tadaam, it works.
>>> 
>>> Can somebody explain why *@*/*.foo.bar matches
>>> condor@xxxxxxx/bla.foo.bar, but *@foo.bar/*.foo.bar doesn't?
>>> 
>>> Thanks,
>>> Daniel
>>> _______________________________________________
>>> HTCondor-users mailing list
>>> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
>>> subject: Unsubscribe
>>> You can also unsubscribe by visiting
>>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>> 
>>> The archives can be found at:
>>> https://lists.cs.wisc.edu/archive/htcondor-users/
>> 
>> 
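
A simplified model of the mismatch discussed in this thread, added here as an example (it is not HTCondor code and not from any poster). It assumes an ALLOW_* entry is split into a user pattern and a host pattern at the first "/" and matched with shell-style wildcards; the function names `split_entry`, `allowed` and `validate_mapped_name` and all sample values are hypothetical.

```python
from fnmatch import fnmatchcase

def split_entry(entry):
    """Split an ALLOW_* entry into (user_pattern, host_pattern).
    Assumption: the first '/' separates the user part from the host part."""
    user, sep, host = entry.partition("/")
    if not sep:
        # Assumption: no '/' means user-only if it has '@', else host-only.
        return (entry, "*") if "@" in entry else ("*", entry)
    return user, host

def allowed(entry, mapped_user, peer_host):
    """True if both the mapped user and the peer host match the entry."""
    user_pat, host_pat = split_entry(entry)
    return fnmatchcase(mapped_user, user_pat) and fnmatchcase(peer_host, host_pat)

def validate_mapped_name(name):
    """Check a map-file result: must be user@domain with no '/' anywhere,
    because a '/' makes the user/host boundary ambiguous."""
    user, sep, domain = name.partition("@")
    return bool(user and sep and domain) and "/" not in name

# Constructed sample values modelled on the thread.
BAD_MAPPING = "condor@foo.bar/bla.foo.bar"   # map produced user@domain/host
GOOD_MAPPING = "condor@foo.bar"              # map produced user@domain only
PEER = "bla.foo.bar"                         # host part is supplied separately
STRICT_RULE = "*@foo.bar/*.foo.bar"
LOOSE_RULE = "*@*/*.foo.bar"

if __name__ == "__main__":
    for rule in (STRICT_RULE, LOOSE_RULE):
        for user in (BAD_MAPPING, GOOD_MAPPING, "condor@other.example"):
            print(f"{rule:22} {user:28} -> {allowed(rule, user, PEER)}")
    for name in (BAD_MAPPING, GOOD_MAPPING):
        print(f"valid mapping {name!r}: {validate_mapped_name(name)}")
```

In this model the strict rule rejects the over-long mapped name because its user part no longer ends in `@foo.bar`, while the loose rule accepts it only because `*@*` matches any domain, including ones outside `foo.bar`.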