Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] [Condor-devel] information regarding ticket 1264

Date: Thu, 08 Jul 2010 08:35:24 -0500
From: "Timothy St. Clair" <tstclair@xxxxxxxxxx>
Subject: Re: [Condor-users] [Condor-devel] information regarding ticket 1264


On Thu, 2010-07-08 at 10:33 +0200, Alexandre Fayolle wrote:
> On Wednesday 07 July 2010 18:06:51 Timothy St. Clair wrote:
> >         In looking through the handshake your credd is trying you auth with
> > only PASSWORD, but the master is responding with NTSSPI, KERBEROS which
> > is failing authentication b/c there are no matching auth methods.   
> > 
> > You may want to try changing your condor_config.local file to:
> > CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS="NTSSPI,PASSWORD" and give that
> > a whirl.  
> 
> This worked indeed. Many thanks. I have a few of additional questions and 
> suggestions:
> 
> 1. Reading 
> http://www.cs.wisc.edu/condor/manual/v7.4/3_6Security.html#SECTION00463000000000000000 
> seem to suggest that the following configuration line should have worked too, 
> but when I tested it, it did not:
> 
> CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD 
> 
> The only syntax which works is the one you provided (quotes around the value 
> and no space after the coma). I have noticed issues with some configuration 
> instructions which would not work if there was no space after the comma 
> (notably the ALLOW_READ/WRITE/etc stanzas). The documentation (or the config 
> file parser) could be updated, because this is very confusing. 

Sadly this is true, and I've noticed this as well, hence the reason for
the "," w/o spaces.  Once you have a wiki account it might be worth
while to chime in on
https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=988.  As not all
params are evaluated the same.  

> 
> 2. Does the addition of "PASSWORD" to CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS 
> have other implications with regard to the "storing credentials" part of 
> CREDD*
> 
> 3. if there is an agreement that this is the way to go to allow a clean 
> shutdown of the service, I suggest fixing the condor_config.local.credd example 
> file mentionned in the documentation, since the change is in the "CREDD expert 
> settings" sections with various warning about changes only to be made by über 
> condor wizards, which is quite intimidating for the newcommer.

I will have to review the 2 & 3 and get back to you.  

>  
> 
> Again thanks a lot for looking into this and providing a fix. 
> 

No prob ;-)

Follow-Ups:
- Re: [Condor-users] [Condor-devel] information regarding ticket 1264
  - From: Timothy St. Clair

References:
- Re: [Condor-users] [Condor-devel] information regarding ticket 1264
  - From: Timothy St. Clair
- Re: [Condor-users] [Condor-devel] information regarding ticket 1264
  - From: Alexandre Fayolle

Prev by Date: Re: [Condor-users] [Condor-devel] information regarding ticket 1264
Next by Date: Re: [Condor-users] Manually changing startd classad
Previous by thread: Re: [Condor-users] [Condor-devel] information regarding ticket 1264
Next by thread: Re: [Condor-users] [Condor-devel] information regarding ticket 1264
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [Condor-users] [Condor-devel] information regarding ticket 1264