Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Question about authentication when using remote schedd

Date: Tue, 21 Sep 2021 15:02:41 -0500
From: Mark Coatsworth <coatsworth@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Question about authentication when using remote schedd

Hi Zhangqier,

I've discussed with a few other developers about the best way to do this.

The best solution we all agree on is just to upgrade to the HTCondor
v9.0 series. That will allow you to use our new IDTOKENS method for
pool authentication, which is the modern and better-supported (and
prescribed) approach. There's some information about how to upgrade in
the manual: https://htcondor.readthedocs.io/en/latest/version-history/upgrading-from-88-to-90-series.html

Sticking to the v8.8 series is not recommended for a few reasons.
First off, we don't support v8.8 anymore (except for security
releases, and those only for another few weeks). We used to rely
heavily on GSI, but that's also being discontinued later this year.

If you have access to a shared file system, you could try putting your
shared pool password in there. Another option is to drop the PASSWORD
authentication entirely and instead use SSL, as described here:
https://htcondor.readthedocs.io/en/latest/admin-manual/security.html#ssl-authentication

But really, if you're able to upgrade to v9.0 and use IDTOKENS for
authentication that's the best way. You'll get ongoing support and
better functionality that way.

Mark

On Mon, Sep 20, 2021 at 12:57 PM Zhangqier Wang <wangzqe@xxxxxxx> wrote:
>
> Hi Mark,
>
>    The condor version is 8.8.12 on the central machine, 8.8.15 on the rest of the machines. I install the condor from osg3.5 repository by using "yum install" command.
>
> Sincerely,
> Zhangqier
> ________________________________________
> From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Mark Coatsworth <coatsworth@xxxxxxxxxxx>
> Sent: Monday, September 20, 2021 1:38 PM
> To: HTCondor-Users Mail List
> Subject: Re: [HTCondor-users] Question about authentication when using remote schedd
>
> Hi Zhangqier,
>
> Can you tell us which version of HTCondor you're using? We've recently
> made some big changes to security configuration so the version number
> is important. Also, what method are you using to install it?
>
> Mark
>
> On Fri, Sep 17, 2021 at 6:15 PM Zhangqier Wang <wangzqe@xxxxxxx> wrote:
> >
> > Dear experts,
> >
> >
> >    I am trying set up only one submit machine in the condor pool, and users submit jobs any other machines in the pool. Currently I set it up by using SCHEDD_HOST and CREDD_HOST in the configuration.
> >
> >    I try to use the PASSWORD authentication. But I could only see the condor_q as root, not as user. I am wondering how to configure so that the user could use the password authentication.
> >
> >   Or else what is the recommended authentication method?
> >
> >
> > Sincerely,
> >
> > Zhangqier Wang
> >
> > _______________________________________________
> > HTCondor-users mailing list
> > To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> > subject: Unsubscribe
> > You can also unsubscribe by visiting
> > https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> >
> > The archives can be found at:
> > https://lists.cs.wisc.edu/archive/htcondor-users/
>
>
>
> --
> Mark Coatsworth
> Systems Programmer
> Center for High Throughput Computing
> Department of Computer Sciences
> University of Wisconsin-Madison
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/
>
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/



-- 
Mark Coatsworth
Systems Programmer
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin-Madison

References:
- [HTCondor-users] Question about authentication when using remote schedd
  - From: Zhangqier Wang
- Re: [HTCondor-users] Question about authentication when using remote schedd
  - From: Mark Coatsworth
- Re: [HTCondor-users] Question about authentication when using remote schedd
  - From: Zhangqier Wang

Prev by Date: Re: [HTCondor-users] StarterLog not available any more?
Next by Date: Re: [HTCondor-users] [ExternalEmail] Re: EncryptExecuteDirectory issues on Windows execute nodes without run_as_owner
Previous by thread: Re: [HTCondor-users] Question about authentication when using remote schedd
Next by thread: [HTCondor-users] StarterLog not available any more?
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [HTCondor-users] Question about authentication when using remote schedd