[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Authentication Errors



The condor configuration can be viewed here.

https://gitlab.cern.ch/vc/vm/tree/master/etc/condor/config.d

Note that only one of the files with the 35_ prefix is selected.

Cheers,

Laurence

On 21/06/16 22:32, Laurence Field wrote:
Hi Zach,

What confuses me is that we are spawning many identical VMs with the same configuration but only a few fail with this error. It should be authenticating with GSI. I tested the proxy that should be there and it seems fine. It will be difficult to get that output from affected machines. Is there anything I can do to add more relevant information in the StartLog?

Cheers,

Laurence

On 21/06/16 22:15, Zach Miller wrote:
It's not entirely clear from this short snippet, but the root problem seems to be that authentication failed.

If authentication fails, no keys are exchanged, and so the Integrity and Encryption will also be doomed to failure.

The FS authentication method only works locally because it uses the /tmp directory for file creation. Perhaps you meant to use GSI authentication?

If you want to take this off-list, you can email htcondor-admin@xxxxxxxxxxx and include the output of:
   condor_config_val -dump SEC_

And I'll see if I see anything obviously incorrect there.


Cheers,
-zach


-----Original Message-----
From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf
Of Laurence Field
Sent: Tuesday, June 21, 2016 3:03 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Authentication Errors

Hi,

At least one of the VMs from vLHC@home is having authentication
problems. The StartLog is attached and the corresponding Collector log
is available if needed.

The relevant lines from the StartLog are:

06/19/16 22:49:11 SECMAN: enable_mac has no key to use, failing...
06/19/16 22:49:11 ERROR: SECMAN:2006:Failed to establish a crypto
key.|AUTHENTICATE:1004:Failed to authenticate using FS
06/19/16 22:49:11 CCBListener: connection to CCB server
alicondor01.cern.ch failed; will try to reconnect in 60 seconds.


Do you have any ideas why we get "SECMAN: enable_mac has no key to use,
failing..." ?

Cheers,

Laurence
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/