[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] HTCondor with smartcard logon


Thanks for the response.

Running as "slot users" sounds like a suitable solution. I've followed the instructions for such in section but it still doesn't work.

I assume I need to store the account credentials with condor_store_cred but I don't know the syntax to use for a local account.



On Fri, Oct 2, 2015 at 10:18 AM, Zach Miller <zmiller@xxxxxxxxxxx> wrote:
> -----Original Message-----
> From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf
> Of Durnan, Andy
> Sent: Friday, October 02, 2015 8:47 AM
> To: htcondor-users@xxxxxxxxxxx
> Subject: [HTCondor-users] HTCondor with smartcard logon
> Hello,
> All job submissions go idle when smartcard authentication is enforced. I've
> implemented credd per the guidance in the 8.4.0 manual to no avail.

The high-level issue here is that in order to run jobs on the execute machines as a specific user, HTCondor needs to "log in" as that user on the execute machine before running the job.

When you are requiring smartcard logon, HTCondor can no longer do that, even if you have stored the password using the CredD.

One option is to run the jobs as either "nobody" users or "slot users". Check out this section:

And this one:

Basically, if you'll require smartcard logon, jobs will not be allowed to run as their owner. This is normally the default on Windows, so have you changed settings such as STARTER_ALLOW_RUNAS_OWNER?


HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at:

Andy Durnan, IT Specialist
Wyoming-Montana Water Science Center
521 Progress Circle, Ste 6
Cheyenne WY 82007
(307) 775-9171 (Office)
(307) 757-6464 (Cell)