Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] condor_pool password issue in credd

I am trying to setup credd and it fails when I try to set the password for the condor_pool@.  The specific error is:

 

c:\condor>condor_store_cred -d -c add

Account: condor_pool@xxxxxxxxx

 

Enter password:

 

10/3 14:02:17 ZKM: setting default map to (null)

10/3 14:02:17 condor_read(): recv() returned -1, errno = 10054, assuming failure

 reading 5 bytes from <172.16.20.37:1934>.

10/3 14:02:17 IO: Failed to read packet header

10/3 14:02:17 store_cred: failed to recv answer.

Operation failed.

    Make sure you have CONFIG access to the target Master.

 

In my StarterLog.txt the error is:

10/3 14:02:19 condor_read(): timeout reading 5 bytes from <172.16.20.37:9620>.

10/3 14:02:19 IO: Failed to read packet header

10/3 14:02:19 AUTHENTICATE: handshake failed!

10/3 14:02:19 ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using PASSWORD

 

And in my CredLog.txt the error is:

10/3 14:01:52 allow NEGOTIATOR:  */172.16.20.37 */condor.awr.local

10/3 14:01:52 allow ADMINISTRATOR:  */172.16.20.37 */condor.awr.local

10/3 14:01:52 allow OWNER:  */172.16.20.37 */172.16.20.37 */condor.awr.local */condor.awr.local

10/3 14:01:52 allow DAEMON:  condor_pool@($UID_DOMAIN)/*

10/3 14:01:52 allow ADVERTISE_STARTD:  condor_pool@($UID_DOMAIN)/*

10/3 14:01:52 allow ADVERTISE_SCHEDD:  condor_pool@($UID_DOMAIN)/*

10/3 14:01:52 allow ADVERTISE_MASTER:  condor_pool@($UID_DOMAIN)/*

10/3 14:01:52 ZKM: setting default map to (null)

10/3 14:01:59 getStoredCredential(): Could not locate credential for user 'condor_pool@xxxxxxxxx'

10/3 14:01:59 getStoredCredential(): Could not locate credential for user 'condor_pool@xxxxxxxxx'

10/3 14:02:19 condor_read(): timeout reading 5 bytes from <172.16.20.37:1963>.

10/3 14:02:19 IO: Failed to read packet header

10/3 14:02:19 AUTHENTICATE: handshake failed!

10/3 14:02:19 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using PASSWORD

 

I have tried to set my configurations based on other articles I have read so I have the following in my condor_config.local:

 

DAEMON_LIST = $(DAEMON_LIST), CREDD

DC_DAEMON_LIST = $(DC_DAEMON_LIST), CREDD

 

CREDD    = $(SBIN)/condor_credd.exe

 

# Timeout session quickly since we normally only get contacted

# once per starter

SEC_CREDD_SESSION_TIMEOUT = 10

 

# Set security settings so that full security to the credd is required

CREDD.SEC_DEFAULT_AUTHENTICATION =REQUIRED

CREDD.SEC_DEFAULT_ENCRYPTION = REQUIRED

CREDD.SEC_DEFAULT_INTEGRITY = REQUIRED

CREDD.SEC_DEFAULT_NEGOTIATION = REQUIRED

 

# Require PASSWORD auth for password fetching

CREDD.SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD

 

# Only honor password fetch requests to the trusted "condor_pool" user

CREDD.ALLOW_DAEMON = condor_pool@($UID_DOMAIN)

 

# Require NTSSPI for storing credentials

CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI

 

 

Any ideas on what to try next would be appreciated.

 

--dane

 

Dane Collins

Applied Wave  Research