[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Problem with CREDD - case-sensitive Windows login?

Yes, that does appear to be a problem.   Thanks for the detailed report, we will get that fixed in the next 8.6 release.


-----Original Message-----
From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Ivo Cavalcante
Sent: Tuesday, March 21, 2017 6:16 PM
To: htcondor-users@xxxxxxxxxxx
Subject: [HTCondor-users] Problem with CREDD - case-sensitive Windows login?

Hi all,

First time on the list, new to HTCondor. I was able to setup our environment so as to submit jobs from Windows machines successfully.

However, some of our users are facing problems on submiting. I don't have access to exact messages right now, but it appears as CREDD has trouble in finding the credentials stores for these users. On submitting machine, we have a message saying Condor was unable to find credentials stored for the user and, on CREDD machine, I have messages like:

WARNING: store_cred() attempt from user xpto@domain to user XPTO@domain. Rejecting.

It is indeed possible that the team responsible for registering the users have set up uppercase ids for some users. Other users have no problem at all in submitting jobs.

Fast check list, to help troubleshooting:

1. The users have been registered with condor_store_cred. Tried both xpto@domain, XPTO@domain, xpto@DOMAIN, XPTO@DOMAIN, no success.
2. We have users submitting and running jobs perfectly, so it's not a (big) issue with the setup - should be some detail...
3. Daemons authenticate trough pool password, user trough NTSSPI and PASSWORD, as instructed on manual.
4. CREDD server has also SCHEDD running, so I can manage the credentials (couldn't without it).

Is that a know problem? Any solutions?


Just checked sources on GitHub (branch V8_6_1-branch) and found code below (line 727), on file src/condor_utils/store_cred.cpp . Seems the source of the problem. A case-insensitive compare should do?


const char *sock_owner = sock->getOwner(); if ( sock_owner == NULL || strncmp( sock_owner, user, tmp-user ) ) {
ÂÂÂÂdprintf( D_ALWAYS, "WARNING: store_cred() for user %s attempted by user %s, rejecting\n", user, sock_owner ? sock_owner : "<unknown>" );
  answer = FAILURE;
} else if ((mode != QUERY_MODE) && Â.....


HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: