Subject: [Condor-users] Antwort: Re: about condor_store_cred add
Hi,Todd Thank you for your exciting reply, I
am so appreciated. (!)One additional thing I want to make clear is I
am using the run_as_owner = True, did what you said is based on typical
situation(run_as_owner = False)?
(2)According to the link you gave me 6.2.3 and
6.2.4 of the Manual, so I should use condor_store_cred -c add? Which means
all the machines including submitter and executor need to store the same
password? All how can we use the user account(but maybe some submitter
user don't have the admin access to central manager or executor)
(3)Actually, mentioned to the 2 PCs last email, after
I changed the password, and also I have already use condor_store_cred add
in my local PC(submitter), and I also checked the other executor(I have
the access too,it is configged to both executor&submitter,but I never
use this machine to submit job ), the credential is valid(but I did not
use condor_store_cred,I think it fetched password infor from server automatically),
however, the job is never executed in this PC, all jobs are in idle...and
when I use : condor_status -f "%st" Name -f "%sn"
ifThenElse(isUndefined(LocalCredd),"UNDEF",LocalCredd).
I found the executor PC is UNDEF So what's wrong under run_as_owner = True condition?
What should I do ? Thank you very much!
Bitte antworten an
Condor-Users Mail List <condor-users@xxxxxxxxxxx>
An
Condor-Users Mail List <condor-users@xxxxxxxxxxx>
Kopie
Thema
Re: [Condor-users] about condor_store_cred
add
Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
>
> Hi,all
> I am using condor 7.2.4, last Friday I changed the password,
and then
> today I found there is an authentication problem, I can neither submit
> jobs nor run any jobs in the executor...After I checked the manual
and
> online, then I updated my password with condor_store_cred add, I think
> now system partly works, but I got a little confused about the
> authentication method, can anyone help me to answer following few
> quesions? Thank you very much! (1) I saw from
the dos command
> reference, I need to use condor_store_cred add to update my password,
> but in the manual I should use the condor_store_cred -c add, so what
is
> the difference?
The "-c" option is to set a password used for password-based
authentication of one Condor service to another. It is not used to
start processes as a submitting user.
A condor administrator who want to setup strong authentication across
Condor installation may use "condor_store_cred -c add" - see
http://www.cs.wisc.edu/condor/manual/v7.2/3_6Security.html#SECTION00463400000000000000
A user simply submitting jobs into Condor should just run
"condor_store_cred add".
> (2) Should I only add credentials to submitter or both the submitter
and
> executer?
Typically uou only need to run condor_store_cred on the submitter.
> (3) Actually, I have 2 submitter, and 2 executor machines in condor
> system, but I only have access to 1 submitter and 1 executor(I install
> the condor software with my user account),so when I changed my password,
> shall I update it in both the submitter and executor? But howabout
the
> other 2 machines, according to what I found, there seems some credential
> problem with another 2 PCs since I change my password(There should
not
> be any problem with another 2 PCs,because I did not change them and
have
> no access to config them)
>
You will either need to
1) re-reun condor_store_cred add on each submit host where you have
jobs submitted (no need to worry about submit hosts where you do not
submit jobs from)
or
2) setup your Condor environment to run the (optional) centralized
condor_credd service. by running this service, you can run
condor_store_cred once, and all machines in the pool that may need your
credential can securely fetch it as needed.
More info on all of this is in sections 6.2.3 and 6.2.4 of the Manual -
http://www.cs.wisc.edu/condor/manual/v7.2/6_2Microsoft_Windows.html#SECTION00723000000000000000
regards,
Todd
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with
a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}