[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Setting up File System Remote authentication

Hi Javier,

Order of evaluation matters with config files, so what's probably happening is that another config file, probably inside the "config.d" directory, is overwriting your change to SEC_DEFAULT_AUTHENTICATION_METHODS. I suspect this is because HTCondor 9+ includes a 00-htcondor-9.0.config file, which includes a macro that sets a bunch of security settings, including SEC_DEFAULT_AUTHENTICATION_METHODS.

You can get an idea of where an attribute got its value by adding the "-v" flag to "condor_config_val":

 # at: /etc/condor/config.d/03_gwms_local.config, line 9

If you create, e.g., a 01-authentication.config file (which will be evaluated after 00-whatever.config), it might be useful to refer to and append to the existing value instead of overwriting the whole thing:


Hope this helps!

Jason Patton

On 2/14/22 9:57 AM, Javier Barbero wrote:

In our computer cluster we have several machines with the submit role, as some users prefer to use different specific machines to send their jobs. I would like to change this to only having one submit machine in the cluster but making it transparent to users so that they all can still submit jobs from any machine.

When trying to use the "condor_submit" command with the "-name" option in order to specify the address of the submit machine, I get the following error:

Submitting job(s)
ERROR: Failed to connect to queue manager <ommitted for privacy>
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using FS
AUTHENTICATE:1004:Failed to authenticate using IDTOKENS

I set up the cluster using the "get_htcondor" tool, so I do not know a lot about the authentication method set up during installation, but I guess it is the default one.

I read the Security section in the documentation and found the "File System Remote Authentication" method (https://htcondor.readthedocs.io/en/latest/admin-manual/security.html?highlight=remote%20file%20system%20authentication#file-system-remote-authentication), which is perfect for our cluster, as all machines share a common /home directory and a LDAP central authentication is set up. I just create a "/home/condor-authenticate" folder with the common user group as owner and set up write permissions for the group.

I tried to configure HTCondor by adding the following lines to the end of the condor_config file:

FS_REMOTE_DIR = /home/condor-authenticate
and then running "condor_reconfig". However, when I then check with "condor_config_val" the values of these variables, FS_REMOTE_DIR is correctly set but SEC_DEFAULT_AUTHENTICATION_METHODS  still shows its previous value ("IDTOKENS, FS") and sure enough, I still get the same error as before.

What am I doing wrong? Should I set these variables elsewhere? Do I need to restart the local condor_master to change this?

I'm using HTCondor version 9.5.0

HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: