Re: [HTCondor-users] HTCondor with smartcard logon

[Zach Miller <zmiller@xxxxxxxxxxx>]

> -----Original Message-----
> From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf
> Of Durnan, Andy
> Sent: Friday, October 02, 2015 8:47 AM
> To: htcondor-users@xxxxxxxxxxx
> Subject: [HTCondor-users] HTCondor with smartcard logon
> 
> Hello,
> 
> All job submissions go idle when smartcard authentication is enforced. I've
> implemented credd per the guidance in the 8.4.0 manual to no avail.

The high-level issue here is that in order to run jobs on the execute machines as a specific user, HTCondor needs to "log in" as that user on the execute machine before running the job.

When you are requiring smartcard logon, HTCondor can no longer do that, even if you have stored the password using the CredD.

One option is to run the jobs as either "nobody" users or "slot users".  Check out this section:
  http://research.cs.wisc.edu/htcondor/manual/v8.4/7_2Microsoft_Windows.html

And this one:
  http://research.cs.wisc.edu/htcondor/manual/v8.4/3_3Configuration.html#21746

Basically, if you'll require smartcard logon, jobs will not be allowed to run as their owner.  This is normally the default on Windows, so have you changed settings such as STARTER_ALLOW_RUNAS_OWNER?


Cheers,
-zach