[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Authentication Errors
- Date: Tue, 21 Jun 2016 20:40:14 +0000
- From: Zach Miller <zmiller@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Authentication Errors
Sure, in the condor configuration:
STARTD_DEBUG = D_SECURITY:2 D_COMMAND
Or if you want to really go nuts:
STARTD_DEBUG = D_ALL:2
The part that puzzled me in the earlier email was I didn't see any message about GSI failing, so it appears it wasn't attempted. The full log should provide evidence one way or the other.
> -----Original Message-----
> From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf
> Of Laurence Field
> Sent: Tuesday, June 21, 2016 3:33 PM
> To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
> Subject: Re: [HTCondor-users] Authentication Errors
> Hi Zach,
> What confuses me is that we are spawning many identical VMs with the
> same configuration but only a few fail with this error. It should be
> authenticating with GSI. I tested the proxy that should be there and it
> seems fine. It will be difficult to get that output from affected
> machines. Is there anything I can do to add more relevant information in
> the StartLog?
> On 21/06/16 22:15, Zach Miller wrote:
> > It's not entirely clear from this short snippet, but the root problem
> seems to be that authentication failed.
> > If authentication fails, no keys are exchanged, and so the Integrity and
> Encryption will also be doomed to failure.
> > The FS authentication method only works locally because it uses the /tmp
> directory for file creation. Perhaps you meant to use GSI authentication?
> > If you want to take this off-list, you can email htcondor-
> admin@xxxxxxxxxxx and include the output of:
> > condor_config_val -dump SEC_
> > And I'll see if I see anything obviously incorrect there.
> > Cheers,
> > -zach
> >> -----Original Message-----
> >> From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On
> >> Of Laurence Field
> >> Sent: Tuesday, June 21, 2016 3:03 PM
> >> To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
> >> Subject: [HTCondor-users] Authentication Errors
> >> Hi,
> >> At least one of the VMs from vLHC@home is having authentication
> >> problems. The StartLog is attached and the corresponding Collector log
> >> is available if needed.
> >> The relevant lines from the StartLog are:
> >> 06/19/16 22:49:11 SECMAN: enable_mac has no key to use, failing...
> >> 06/19/16 22:49:11 ERROR: SECMAN:2006:Failed to establish a crypto
> >> key.|AUTHENTICATE:1004:Failed to authenticate using FS
> >> 06/19/16 22:49:11 CCBListener: connection to CCB server
> >> alicondor01.cern.ch failed; will try to reconnect in 60 seconds.
> >> Do you have any ideas why we get "SECMAN: enable_mac has no key to use,
> >> failing..." ?
> >> Cheers,
> >> Laurence
> > _______________________________________________
> > HTCondor-users mailing list
> > To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with
> > subject: Unsubscribe
> > You can also unsubscribe by visiting
> > https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> > The archives can be found at:
> > https://lists.cs.wisc.edu/archive/htcondor-users/
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> The archives can be found at: