Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] condor administrator authorization failed ?

Date: Thu, 27 Oct 2005 13:37:10 +0800
From: "Li-Yung Ho" <liyungho@xxxxxxxxxxxxxxxxxx>
Subject: [Condor-users] condor administrator authorization failed ?

Dear all
I use condor 6.6.10 on scientific linux 305.
It seems that my ALLOW_ADMINISTRATOR doesn't work .
I set the following entries in my central manager host configuration file

-----------------------------------------------------------------------
SEC_READ_AUTHENTICATION                         = REQUIRED
SEC_READ_AUTHENTICATION_METHODS                 = FS, FS_REMOTE
SEC_WRITE_AUTHENTICATION                        = REQUIRED
SEC_WRITE_AUTHENTICATION_METHODS                = FS, FS_REMOTE
SEC_ADMINISTRATOR_AUTHENTICATION                = REQUIRED
SEC_ADMINISTRATOR_AUTHENTICATION_METHODS        = FS, FS_REMOTE
SEC_NEGOTIATOR_AUTHENTICATION                   = REQUIRED
SEC_NEGOTIATOR_AUTHENTICATION_METHODS           = FS, FS_REMOTE
SEC_CONFIG_AUTHENTICATION                       = REQUIRED
SEC_CONFIG_AUTHENTICATION_METHODS               = FS, FS_REMOTE

ALLOW_READ             = *@grid.sinica.edu.tw/*
ALLOW_WRITE            = *@grid.sinica.edu.tw/*.grid.sinica.edu.tw
ALLOW_ADMINISTRATOR     = condor@xxxxxxxxxxxxxxxxxx/$(CONDOR_HOST)
ALLOW_NEGOTIATOR        = condor@xxxxxxxxxxxxxxxxxx/$(NEGOTIATOR_HOST)
ALLOW_CONFIG            = condor@xxxxxxxxxxxxxxxxxx/*.grid.sinica.edu.tw

-------------------------------------------------------------------------

and these in global configuration file 

-------------------------------------------------------------------------
FS_REMOTE_DIR = /var/tmp
SEC_CLIENT_AUTHENTICATION               = REQUIRED
SEC_CLIENT_AUTHENTICATION_METHODS       = FS, FS_REMOTE
-------------------------------------------------------------------------

Then,
I test to shut down condor with a user "lyho".
It should deny lyho to execute "condor off" but it doesn't !

-------------------------------------------------------------------
[lyho@lcg00140 lyho]$ ps -ef | grep condor
condor   30931     1  0 01:46 ?        00:00:00 condor_master
condor   30932 30931  0 01:46 ?        00:00:00 condor_collector -f
condor   30933 30931  0 01:46 ?        00:00:00 condor_negotiator -f
condor   30934 30931  1 01:46 ?        00:00:04 condor_startd -f
condor   30935 30931  0 01:46 ?        00:00:00 condor_schedd -f
lyho     30994 30949  0 01:51 pts/3    00:00:00 grep condor

[lyho@lcg00140 lyho]$ condor off
Sent "Kill-All-Daemons" command to local master
[lyho@lcg00140 lyho]$ !ps
ps -ef | grep condor
condor   30931     1  0 01:46 ?        00:00:00 condor_master
lyho     30997 30949  0 01:51 pts/3    00:00:00 grep condor

-------------------------------------------------------------------

How could that happen ?
Could anyone help me ??
Thanks

Best regards 

Li-Yung

Follow-Ups:
- Re: [Condor-users] condor administrator authorization failed ?
  - From: Zachary Miller

Prev by Date: [Condor-users] Submitting machine attributes available?
Next by Date: [Condor-users] set ALLOW_WRITE and condor_status return empty ?
Previous by thread: [Condor-users] Submitting machine attributes available?
Next by thread: Re: [Condor-users] condor administrator authorization failed ?
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

[Condor-users] condor administrator authorization failed ?