[HTCondor-users] Setting up File System Remote authentication

[Javier Barbero <jbarbero@xxxxxx>]

In our computer cluster we have several machines with the submit role, as some users prefer to use different specific machines to send their jobs. I would like to change this to only having one submit machine in the cluster but making it transparent to users so that they all can still submit jobs from any machine.

When trying to use the "condor_submit" command with the "-name" option in order to specify the address of the submit machine, I get the following error:

> Submitting
>             job(s)
>           
>           ERROR: Failed to connect to queue manager <ommitted for
>           privacy>
>           
>           AUTHENTICATE:1003:Failed to authenticate with any method
>           
>           AUTHENTICATE:1004:Failed to authenticate using FS
>           
>           AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
>           
>         
      I set up the cluster using the "get_htcondor" tool, so I do not
      know a lot about the authentication method set up during
      installation, but I guess it is the default one.

I read the Security section in the documentation and found the "File System Remote Authentication" method (https://htcondor.readthedocs.io/en/latest/admin-manual/security.html?highlight=remote%20file%20system%20authentication#file-system-remote-authentication), which is perfect for our cluster, as all machines share a common /home directory and a LDAP central authentication is set up. I just create a "/home/condor-authenticate" folder with the common user group as owner and set up write permissions for the group.

I tried to configure HTCondor by adding the following lines to the end of the condor_config file:

> FS_REMOTE_DIR
>             = /home/condor-authenticate
>           
>           SEC_DEFAULT_AUTHENTICATION_METHODS = FS_REMOTE, IDTOKENS, FS
>         
      and then running "condor_reconfig". However, when I then check
      with "condor_config_val" the values of these variables,
      FS_REMOTE_DIR is correctly set but
      SEC_DEFAULT_AUTHENTICATION_METHODSÂ still shows its previous value
      ("IDTOKENS, FS") and sure enough, I still get the same error as
      before.

What am I doing wrong? Should I set these variables elsewhere? Do I need to restart the local condor_master to change this?

I'm using HTCondor version 9.5.0