Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Condor-users] Kerberos problem
- Date: Thu, 25 Nov 2004 10:03:47 -0000
- From: "Kewley, J \(John\)" <j.kewley@xxxxxxxx>
- Subject: RE: [Condor-users] Kerberos problem
My understanding is that Kerberos is not supported for Windows in the
current Condor versions.
JK
> -----Original Message-----
> From: Miskell, Craig [mailto:Craig.Miskell@xxxxxxxxxxxxxxxx]
> Sent: 25 November 2004 02:58
> To: Condor-Users Mail List
> Subject: RE: [Condor-users] Kerberos problem
>
>
> Bad form to reply to onself I know. Isn't always the way
> that you only
> really read the logs once you've sent them to a mailing list? The
> obvious clue was:
> 11/25 15:17:07 No credentials found with supported encryption types
>
> A quick google on that showed I needed to add:
> default_tkt_enctypes = des-cbc-crc des-cbc-md5
> default_tgs_enctypes = des-cbc-crc
>
> To the [libdefaults] section of krb5.conf, in order to obtain an
> appropriately encoded ticket from Active Directory.
>
> It still doesn't work thought. The debug output gives:
> 11/25 15:52:02 Acquiring credential for user
> 11/25 15:52:02 KRB5 error code 52
> And I'm now tracking down error code 52 to see what that shows me - I
> may be back with another question later, but I'll be more careful next
> time (I promise! ;-))
>
> Please accept my apologies for wasting your bandwidth and time,
>
> Craig
>
>
> > -----Original Message-----
> > From: condor-users-bounces@xxxxxxxxxxx
> > [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of
> Miskell, Craig
> > Sent: Thursday, 25 November 2004 3:38 p.m.
> > To: Condor-Users Mail List
> > Subject: [Condor-users] Kerberos problem
> >
> > Hi,
> > I'm starting the rollout of Condor at our site, and am trying to
> > get the most secure configuration reasonably possible. As such, I'm
> > trying to get Kerberos working. Currently, I have only a
> single node
> > that is my test box - it's the central manager, submit node,
> > and single
> > execute node. I know that's not a good long term strategy,
> but it's a
> > nice simple case for initial configuration testing.
> >
> > The problem: condor_status running as root works, but when
> running as
> > another non-privileged user, it fails with:
> > AUTHENTICATE:1003:Failed to authenticate with any method
> > AUTHENTICATE:1004:Failed to authenticate using KERBEROS
> ==============================================================
> =========
> Attention: The information contained in this message and/or
> attachments
> from AgResearch Limited is intended only for the persons or entities
> to which it is addressed and may contain confidential and/or
> privileged
> material. Any review, retransmission, dissemination or other
> use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipients is prohibited by
> AgResearch
> Limited. If you have received this message in error, please notify the
> sender immediately.
> ==============================================================
> =========
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> http://lists.cs.wisc.edu/mailman/listinfo/condor-users
>