[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [condor-users] condor-g puts jobs on hold when using proxy-draft compliance proxy

Another side effect of having the older gsi/openssl in condor is that with
NPACI SDSC hostcerts the clients interepret the host dn differently.

Globus-2.4+3.0.2 (old openssl) interprests the OID string in the host cert


whereas Globus-3.2 (new openssl) interprets the OID string as


This requires the CA sigining policy to be changed on the user end. but if
normally a user uses globus-3.2 everything works fine but using condor
will cause authentication failure as it wont be able to verify the host
cert cause job submission failure.

Is there a chance this can be fixed in condor within the next month or so.


I misunderstood your email when I first read it.

Right now, Condor links against Globus 2.2 (old openssl) and we are hoping to link against Globus 2.4 (still old openssl) soon.

My understanding is that if we link against Globus 3.2, then we will fail when we work with older Globus sites. Many Condor/VDT customers are still using Globus 2.4.x, so if we fix it for you, we break it for them.

I think we need to study this issue better, and figure out a good solution. I'm not yet sure what it is. If you have any advice, please share it!


Condor Support Information: http://www.cs.wisc.edu/condor/condor-support/ To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with unsubscribe condor-users <your_email_address>