Re: [HTCondor-users] Authentication issue

[Zachary Miller <zmiller@xxxxxxxxxxx>]

On Mon, Sep 15, 2014 at 11:43:03AM +0200, Pek Daniel wrote:
> Hi,
> 
> I get this message in my CollectorLog on host a.b.c.d,X.Y.Z every time
> after a 'service condor restart' on host:

First question: During "normal operation" (i.e. before a restart) do
you see this in the log at all?  If you run "condor_status -collector"
do you see an ad for the Collector?


> It looks like a locally sent commnd. This message is in the
> CollectorLog, and it's an UPDATE_COLLECTOR_AD, so I guess the daemon
> sends a command to itself (?).
> 
> The strange part is unauthenticated@unmapped. I have these settings on
> every nodes:

For some special cases, including when a daemon sends commands to itself, it
does so using a differnt mechanism than the normal security methods.  This is
why it's not using GSI or KERBEROS, and likely why you are ending up with the
unauthenticated@unmapped canonical name.  However, the same authorization
policies are still being applied.

The good news is in this particular case, it probably isn't really a problem
and is just noise in the log, but it is definitely something I need to look
into.  Thanks for the report... I will investigate, make a ticket, and get back
to you.


Cheers,
-zach