
Re: [HTCondor-users] Setting up File System Remote authentication



Hi Javier,

Order of evaluation matters with config files, so what's probably happening is that another config file, probably inside the "config.d" directory, is overwriting your change to SEC_DEFAULT_AUTHENTICATION_METHODS. I suspect this is because HTCondor 9+ includes a 00-htcondor-9.0.config file, which includes a macro that sets a bunch of security settings, including SEC_DEFAULT_AUTHENTICATION_METHODS.

You can get an idea of where an attribute got its value by adding the "-v" flag to "condor_config_val":

# condor_config_val -v SEC_DEFAULT_AUTHENTICATION_METHODS
SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS,SCITOKENS,FS,GSI
 # at: /etc/condor/config.d/03_gwms_local.config, line 9
 # raw: SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS,SCITOKENS,FS

If you create, e.g., a 01-authentication.config file (which will be evaluated after 00-whatever.config), it might be useful to refer to and append to the existing value instead of overwriting the whole thing:

SEC_DEFAULT_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS),FS_REMOTE

Hope this helps!

Jason Patton

On 2/14/22 9:57 AM, Javier Barbero wrote:

In our computer cluster we have several machines with the submit role, as some users prefer to use different specific machines to send their jobs. I would like to change this to only having one submit machine in the cluster but making it transparent to users so that they all can still submit jobs from any machine.

When trying to use the "condor_submit" command with the "-name" option in order to specify the address of the submit machine, I get the following error:

Submitting job(s)
ERROR: Failed to connect to queue manager <ommitted for privacy>
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using FS
AUTHENTICATE:1004:Failed to authenticate using IDTOKENS

I set up the cluster using the "get_htcondor" tool, so I do not know a lot about the authentication method set up during installation, but I guess it is the default one.

I read the Security section in the documentation and found the "File System Remote Authentication" method (https://htcondor.readthedocs.io/en/latest/admin-manual/security.html?highlight=remote%20file%20system%20authentication#file-system-remote-authentication), which is perfect for our cluster, as all machines share a common /home directory and an LDAP central authentication is set up. I just created a "/home/condor-authenticate" folder with the common user group as owner and set up write permissions for the group.

I tried to configure HTCondor by adding the following lines to the end of the condor_config file:

FS_REMOTE_DIR = /home/condor-authenticate
SEC_DEFAULT_AUTHENTICATION_METHODS = FS_REMOTE, IDTOKENS, FS

and then running "condor_reconfig". However, when I then check with "condor_config_val" the values of these variables, FS_REMOTE_DIR is correctly set but SEC_DEFAULT_AUTHENTICATION_METHODS still shows its previous value ("IDTOKENS, FS") and sure enough, I still get the same error as before.

What am I doing wrong? Should I set these variables elsewhere? Do I need to restart the local condor_master to change this?

I'm using HTCondor version 9.5.0
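
Added example, not part of the original messages and not HTCondor's own code: a simplified Python model of the evaluation order described in the reply, showing why the value set in condor_config is lost and how the appending form in a 01-authentication.config file keeps the existing methods. The file contents are constructed, the 00-htcondor-9.0.config entry is a stand-in for the packaged defaults, and only self-reference expansion of $(NAME) is modelled.

```python
import re

# Constructed sample: (path, contents) in the order HTCondor reads them:
# the main condor_config first, then config.d files in lexical order.
CONSTRUCTED_FILES = [
    ("/etc/condor/condor_config",
     "FS_REMOTE_DIR = /home/condor-authenticate\n"
     "SEC_DEFAULT_AUTHENTICATION_METHODS = FS_REMOTE, IDTOKENS, FS\n"),
    ("/etc/condor/config.d/00-htcondor-9.0.config",
     "# stand-in for the packaged security defaults (assumption)\n"
     "SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, FS\n"),
]
# The appending form suggested in the reply, in a file that sorts after 00-*.
APPEND_FIX = (
    "/etc/condor/config.d/01-authentication.config",
    "SEC_DEFAULT_AUTHENTICATION_METHODS = "
    "$(SEC_DEFAULT_AUTHENTICATION_METHODS),FS_REMOTE\n")

ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_.]*)\s*=\s*(.*?)\s*$")

def resolve(files):
    """Return {name: (value, path, line_no)}; the last assignment wins."""
    table = {}
    for path, text in files:
        for line_no, line in enumerate(text.splitlines(), 1):
            m = ASSIGN.match(line)
            if line.lstrip().startswith("#") or not m:
                continue
            name, raw = m.groups()
            # A self-reference $(NAME) expands to the value set so far.
            previous = table.get(name, ("",))[0]
            value = raw.replace("$(%s)" % name, previous)
            table[name] = (value, path, line_no)
    return table

def methods(table, name="SEC_DEFAULT_AUTHENTICATION_METHODS"):
    """Split the effective method list and report where it was set."""
    value, path, line_no = table[name]
    return [m.strip() for m in value.split(",") if m.strip()], path, line_no

if __name__ == "__main__":
    for label, files in (("before", CONSTRUCTED_FILES),
                         ("after", CONSTRUCTED_FILES + [APPEND_FIX])):
        found, path, line_no = methods(resolve(files))
        print(f"{label}: {found}  # at: {path}, line {line_no}")
```

On a real host, "condor_config_val -v" remains the authoritative check of which file supplied the effective value.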

