Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] [Condor-devel] information regarding ticket 1264
- Date: Thu, 15 Jul 2010 15:09:04 -0500
- From: "Timothy St. Clair" <tstclair@xxxxxxxxxx>
- Subject: Re: [Condor-users] [Condor-devel] information regarding ticket 1264
On Thu, 2010-07-08 at 08:35 -0500, Timothy St. Clair wrote:
>
> On Thu, 2010-07-08 at 10:33 +0200, Alexandre Fayolle wrote:
> > On Wednesday 07 July 2010 18:06:51 Timothy St. Clair wrote:
> > > In looking through the handshake your credd is trying you auth with
> > > only PASSWORD, but the master is responding with NTSSPI, KERBEROS which
> > > is failing authentication b/c there are no matching auth methods.
> > >
> > > You may want to try changing your condor_config.local file to:
> > > CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS="NTSSPI,PASSWORD" and give that
> > > a whirl.
> >
> > This worked indeed. Many thanks. I have a few of additional questions and
> > suggestions:
> >
> > 1. Reading
> > http://www.cs.wisc.edu/condor/manual/v7.4/3_6Security.html#SECTION00463000000000000000
> > seem to suggest that the following configuration line should have worked too,
> > but when I tested it, it did not:
> >
> > CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
> >
> > The only syntax which works is the one you provided (quotes around the value
> > and no space after the coma). I have noticed issues with some configuration
> > instructions which would not work if there was no space after the comma
> > (notably the ALLOW_READ/WRITE/etc stanzas). The documentation (or the config
> > file parser) could be updated, because this is very confusing.
>
> Sadly this is true, and I've noticed this as well, hence the reason for
> the "," w/o spaces.
So I should elaborate... I've seen this before in the windows env only,
but this is not the correct behavior, and I will promptly file a
ticket.
> Once you have a wiki account it might be worth
> while to chime in on
> https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=988. As not all
> params are evaluated the same.
>
> >
> > 2. Does the addition of "PASSWORD" to CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS
> > have other implications with regard to the "storing credentials" part of
> > CREDD*
> >
> > 3. if there is an agreement that this is the way to go to allow a clean
> > shutdown of the service, I suggest fixing the condor_config.local.credd example
> > file mentionned in the documentation, since the change is in the "CREDD expert
> > settings" sections with various warning about changes only to be made by über
> > condor wizards, which is quite intimidating for the newcommer.
>
> I will have to review the 2 & 3 and get back to you.
>
> >
> >
> > Again thanks a lot for looking into this and providing a fix.
> >
>
> No prob ;-)
>
>
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/