
Re: [HTCondor-users] condor not forwarding kerberos tokens



Hello,

Actually, HTCondor has never done this automatically for the user.  I suspect your students years and years ago were doing this "manually" by transferring their krb5cc using file transfer and then setting an environment variable in the job to point to it. (and run aklog as part of the job)

You can still do that.  We've also made a lot of progress with Kerberos and AFS in the last year which will allow not just AFS access, but also have the ability to have your job's log files, stdout/err, etc. in AFS.  That is, you can submit and run inside an AFS directory and not do any explicit file transfer.  Plus your tickets/tokens can be renewed while the job is running if your krb5 policy allows it.

If you need this working immediately, go with the approach I mentioned first.  Or, if you can wait a little while for 8.7 to come out, the AFS support will be much improved.


Cheers,
-zach



On 1/17/17, 4:37 PM, "HTCondor-users on behalf of Lee Damon" <htcondor-users-bounces@xxxxxxxxxxx on behalf of nomad@xxxxxxxxxxxxxxxxx> wrote:

    In the past (years and years ago) I had some users who were actively
    using kerberos tokens with their condor runs. They've left but recently
    a new student needs access to kerberos-protected AFS volumes. When he
    tries to run he is unable to get access.
    
    It looks like kerberos tickets aren't being forwarded anymore. I'm
    running a script that does nothing more than try to get a token. When I
    look at the .err output I see the following:
    
    + klist
    klist: No credentials cache found (filename: /tmp/krb5cc_92096)
    
    Any hints on what I need to do to turn kerberos token passing back on in
    condor? Our default is to make all tokens forwardable and ssh works just
    fine.
    
    thanks,
    nomad
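
The manual approach described in the reply above (ship the ticket cache with file transfer, point the job at it, run aklog), sketched as a job wrapper. This is an added example, not part of the original thread and not HTCondor code; the names `run_with_krb5.sh`, `krb5cc_job`, `real_job.sh` and `CCACHE_FILE` are assumptions, and `klist -s` is the MIT Kerberos validity check.

```shell
#!/bin/sh
# Added example: job wrapper for the manual approach (not HTCondor code).
# Assumed submit-file lines (file names are made up for illustration):
#   executable            = run_with_krb5.sh
#   arguments             = ./real_job.sh
#   should_transfer_files = YES
#   transfer_input_files  = krb5cc_job, real_job.sh
# where krb5cc_job is a copy of the submitter's ticket cache.

# Validate the transferred cache and print the KRB5CCNAME value for it.
prepare_ccache() {
    cc=$1
    # A symlink could point the Kerberos tools at some other file.
    if [ -L "$cc" ] || [ ! -f "$cc" ]; then
        echo "ccache: $cc is not a regular file" >&2; return 1
    fi
    if [ ! -s "$cc" ]; then
        echo "ccache: $cc is empty" >&2; return 1
    fi
    # Do not rely on file transfer keeping the mode; make it owner-only.
    chmod 600 "$cc" || return 1
    dir=$(cd "$(dirname "$cc")" && pwd) || return 1
    echo "FILE:$dir/$(basename "$cc")"
}

# Point the job at the cache, get an AFS token, then run the real job.
run_job() {
    KRB5CCNAME=$(prepare_ccache "${CCACHE_FILE:-krb5cc_job}") || return 1
    export KRB5CCNAME
    # Remove the credential copy from scratch however the job ends.
    trap 'rm -f "${KRB5CCNAME#FILE:}"' EXIT
    klist -s || { echo "ticket missing or expired" >&2; return 1; }
    aklog    || { echo "aklog failed" >&2; return 1; }
    "$@"
}

# Only act when given a command, so the functions can be sourced and tested.
if [ "$#" -gt 0 ]; then
    run_job "$@"
fi
```

The copied cache is a bearer credential for as long as the ticket is valid, so it is worth submitting with a short-lived ticket and keeping the copy out of the job's output transfer.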