Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] [Condor-devel] information regarding ticket 1264

Date: Thu, 8 Jul 2010 10:33:54 +0200
From: Alexandre Fayolle <alexandre.fayolle@xxxxxxxxxx>
Subject: Re: [Condor-users] [Condor-devel] information regarding ticket 1264

On Wednesday 07 July 2010 18:06:51 Timothy St. Clair wrote:
>         In looking through the handshake your credd is trying you auth with
> only PASSWORD, but the master is responding with NTSSPI, KERBEROS which
> is failing authentication b/c there are no matching auth methods.   
> 
> You may want to try changing your condor_config.local file to:
> CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS="NTSSPI,PASSWORD" and give that
> a whirl.  

This worked indeed. Many thanks. I have a few of additional questions and 
suggestions:

1. Reading 
http://www.cs.wisc.edu/condor/manual/v7.4/3_6Security.html#SECTION00463000000000000000 
seem to suggest that the following configuration line should have worked too, 
but when I tested it, it did not:

CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD 

The only syntax which works is the one you provided (quotes around the value 
and no space after the coma). I have noticed issues with some configuration 
instructions which would not work if there was no space after the comma 
(notably the ALLOW_READ/WRITE/etc stanzas). The documentation (or the config 
file parser) could be updated, because this is very confusing. 

2. Does the addition of "PASSWORD" to CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS 
have other implications with regard to the "storing credentials" part of 
CREDD*

3. if there is an agreement that this is the way to go to allow a clean 
shutdown of the service, I suggest fixing the condor_config.local.credd example 
file mentionned in the documentation, since the change is in the "CREDD expert 
settings" sections with various warning about changes only to be made by über 
condor wizards, which is quite intimidating for the newcommer. 

Again thanks a lot for looking into this and providing a fix. 

-- 
Alexandre Fayolle                              LOGILAB, Paris (France)
Formations Python, CubicWeb, Debian :  http://www.logilab.fr/formations
Développement logiciel sur mesure :      http://www.logilab.fr/services
Informatique scientifique:               http://www.logilab.fr/science

Follow-Ups:
- Re: [Condor-users] [Condor-devel] information regarding ticket 1264
  - From: Timothy St. Clair

References:
- Re: [Condor-users] [Condor-devel] information regarding ticket 1264
  - From: Timothy St. Clair

Prev by Date: [Condor-users] condor_ssh_to_job
Next by Date: Re: [Condor-users] [Condor-devel] information regarding ticket 1264
Previous by thread: Re: [Condor-users] [Condor-devel] information regarding ticket 1264
Next by thread: Re: [Condor-users] [Condor-devel] information regarding ticket 1264
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [Condor-users] [Condor-devel] information regarding ticket 1264