Re: [Condor-users] condor_q -better requires kerberos when condor_q doesn't.

[Lee Damon <nomad@xxxxxxxxxxxxxxxxxxxxxx>]

Zachary Miller wrote:
> On Thu, Aug 16, 2007 at 03:18:58PM -0700, Lee Damon wrote:
>> I've got a strange situation where condor_q returns valid data without a
>> kerberos ticket but condor_q -better complains about being able to fetch
>> startd ads unless you have a kerberos ticket.  (The 'krb' command is a
>> script that does "kinit -l 10h -r 2d -f $prnc" followed by "aklog".)
> 
> whereas condor_q talks only to the schedd, 'condor_q -better' also connects
> to the collector on the central manager to get the resouce ads for analysis.
> 
> is your collector requiring kerberos, but your schedd is not?

The collector on the central manager seems to think FS is ok:

: || nomad@caracara condor [7] ; condor_config_val
COLLECTOR.SEC_DEFAULT_AUTHENTICATION_METHODS
FS, KERBEROS

> also, you can do this:
>   export _CONDOR_TOOL_DEBUG=D_ALL    #bash
>   setenv _CONDOR_TOOL_DEBUG D_ALL    #tcsh
> 
> and then use the -debug flag to condor_q.  you'll get (too much) information
> about which connection is failing, and why.
> 
>   condor_q -debug
>   condor_q -debug -better

Looks like it doesn't like FS or kerberos, though

: || nomad@hawk ~ [18] ; condor_q -debug -better
8/16 16:10:47 KERBEROS: No credentials cache found
8/16 16:10:47 AUTHENTICATE: no available authentication methods
succeeded, failing!
8/16 16:10:47 ERROR: AUTHENTICATE:1003:Failed to authenticate with any
method|AUTHENTICATE:1004:Failed to authenticate using
KERBEROS|AUTHENTICATE:1004:Failed to authenticate using FS
Error:  Could not fetch startd ads


Is FS not the right setting for this?  Should it be FS_REMOTE? (And
where should it be FS_REMOTE - should I set it for
COLLECTOR.SEC_DEFAULT_AUTHENTICATION_METHODS on the central manager?

thanks,
nomad