Re: [condor-users] condor-g puts jobs on hold when using proxy-draft compliance proxy

[Alain Roy <roy@xxxxxxxxxxx>]

> Another side effect of having the older gsi/openssl in condor is that with
> NPACI SDSC hostcerts the clients interepret the host dn differently.
>
> Globus-2.4+3.0.2 (old openssl) interprests the OID string in the host cert
> as
>
> USERID=<hostname>
>
> whereas Globus-3.2 (new openssl) interprets the OID string as
>
> UID=<hostname>
>
> This requires the CA sigining policy to be changed on the user end. but if
> normally a user uses globus-3.2 everything works fine but using condor
> will cause authentication failure as it wont be able to verify the host
> cert cause job submission failure.
>
> Is there a chance this can be fixed in condor within the next month or so.

Gaurang,

I misunderstood your email when I first read it.

Right now, Condor links against Globus 2.2 (old openssl) and we are hoping 
to link against Globus 2.4 (still old openssl) soon.

My understanding is that if we link against Globus 3.2, then we will fail 
when we work with older Globus sites. Many Condor/VDT customers are still 
using Globus 2.4.x, so if we fix it for you, we break it for them.

I think we need to study this issue better, and figure out a good solution. 
I'm not yet sure what it is. If you have any advice, please share it!

-alain


Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>