Re: [HTCondor-users] Authentication Errors

[Zach Miller <zmiller@xxxxxxxxxxx>]

Sure, in the condor configuration:

  STARTD_DEBUG  = D_SECURITY:2 D_COMMAND

Or if you want to really go nuts:

  STARTD_DEBUG =  D_ALL:2


The part that puzzled me in the earlier email was I didn't see any message about GSI failing, so it appears it wasn't attempted.  The full log should provide evidence one way or the other.


Cheers,
-zach



> -----Original Message-----
> From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf
> Of Laurence Field
> Sent: Tuesday, June 21, 2016 3:33 PM
> To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
> Subject: Re: [HTCondor-users] Authentication Errors
> 
> Hi Zach,
> 
> What confuses me is that we are spawning many identical VMs with the
> same configuration but only a few fail with this error. It should be
> authenticating with GSI. I tested the proxy that should be there and it
> seems fine. It will be difficult to get that output from affected
> machines. Is there anything I can do to add more relevant information in
> the StartLog?
> 
> Cheers,
> 
> Laurence
> 
> On 21/06/16 22:15, Zach Miller wrote:
> > It's not entirely clear from this short snippet, but the root problem
> seems to be that authentication failed.
> >
> > If authentication fails, no keys are exchanged, and so the Integrity and
> Encryption will also be doomed to failure.
> >
> > The FS authentication method only works locally because it uses the /tmp
> directory for file creation.  Perhaps you meant to use GSI authentication?
> >
> > If you want to take this off-list, you can email htcondor-
> admin@xxxxxxxxxxx and include the output of:
> >    condor_config_val -dump SEC_
> >
> > And I'll see if I see anything obviously incorrect there.
> >
> >
> > Cheers,
> > -zach
> >
> >
> >> -----Original Message-----
> >> From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On
> Behalf
> >> Of Laurence Field
> >> Sent: Tuesday, June 21, 2016 3:03 PM
> >> To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
> >> Subject: [HTCondor-users] Authentication Errors
> >>
> >> Hi,
> >>
> >> At least one of the VMs from vLHC@home is having authentication
> >> problems. The StartLog is attached and the corresponding Collector log
> >> is available if needed.
> >>
> >> The relevant lines from the StartLog are:
> >>
> >> 06/19/16 22:49:11 SECMAN: enable_mac has no key to use, failing...
> >> 06/19/16 22:49:11 ERROR: SECMAN:2006:Failed to establish a crypto
> >> key.|AUTHENTICATE:1004:Failed to authenticate using FS
> >> 06/19/16 22:49:11 CCBListener: connection to CCB server
> >> alicondor01.cern.ch failed; will try to reconnect in 60 seconds.
> >>
> >>
> >> Do you have any ideas why we get "SECMAN: enable_mac has no key to use,
> >> failing..." ?
> >>
> >> Cheers,
> >>
> >> Laurence
> > _______________________________________________
> > HTCondor-users mailing list
> > To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with
> a
> > subject: Unsubscribe
> > You can also unsubscribe by visiting
> > https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> >
> > The archives can be found at:
> > https://lists.cs.wisc.edu/archive/htcondor-users/
> 
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> 
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/