Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] dear condor users!

it might be horrible but i need your help!
i am currently using condor 7.6.6. the pool i have contains about 42 execution nodes running mostly windows 7 and a central manger Redhat linux server edition(latest release).the pool had been in a good status until i tried to apply SSL security infrastructure. the SSL entries i used in global config files are:-
 SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = SSL

SEC_DEFAULT_ENCRYPTION = REQUIRED
SEC_DEFAULT_CRYPTO_METHODS = BLOWFISH

AUTH_SSL_CLIENT_CAFILE = /TEST/root-ca.crt
AUTH_SSL_CLIENT_CERTFILE = /TEST/admin-PC.crt
AUTH_SSL_CLIENT_KEYFILE = /TEST/admin-PC.key

AUTH_SSL_SERVER_CAFILE = /TEST/root-ca.crt
AUTH_SSL_SERVER_CERTFILE = /TEST/admin-PC.crt
AUTH_SSL_SERVER_KEYFILE = /TEST/admin-PC.key

CERTIFICATE_MAPFILE = /TEST/condor_mapfile

where i used openSSL to generate the cerificates.
my mechanism is actually ,a self signed central manger will get request from each nodes and will sign for approval if appropriate.i thought sharing the same key for entire pool and using that key for authentication quite ridiculous.the problem i got is when i try to submit job i got error
>>condor_submit submitfile
Submitting job(s)
ERROR: Failed to connect to local queue manager
SECMAN:2007:could not receive post_auth_info.

for the files already in the queue i tried to find out what is wrong
>>condor_q -debug

04/04/12 06:18:09 Trying to connect.
04/04/12 06:18:09 SSL: trying to continue reading.
04/04/12 06:18:09 Trying to connect.
04/04/12 06:18:09 SSL: trying to continue reading.
04/04/12 06:18:09 Receive message.
04/04/12 06:18:09 Trying to connect.
04/04/12 06:18:09 SSL: trying to continue reading.
04/04/12 06:18:09 Trying to connect.
04/04/12 06:18:09 SSL: trying to continue reading.
04/04/12 06:18:09 Receive message.
04/04/12 06:18:09 Trying to connect.
04/04/12 06:18:09 post_connection_check.
04/04/12 06:18:09 Returning SSL_get_verify_result.
04/04/12 06:18:09 SSL: continue read/write.
04/04/12 06:18:09 Receive message.
04/04/12 06:18:09 Status: c: 2, s: 4
04/04/12 06:18:09 Status: c: 4, s: 4
04/04/12 06:18:09 ZKM: Parsing map file.
04/04/12 06:18:09 ZKM: 1: attempting to map '/C=ET/ST=AA/O=INSA/OU=IAD/CN=admin-PC/emailAddress=admin-PC@localdomain'
04/04/12 06:18:09 ZKM: 2: mapret: 1 included_voms: 0 canonical_user:
04/04/12 06:18:09 ZKM: did not find user .

the content of the map file is
SSL    "C=ET, ST=AA, O=INSA, OU=IAD, CN=admin-PC/emailAddress=admin-PC@localdomain"   Central-manager@localdomain

i thought the format is  Authentication_method  source_DN   mapped user.
shadowlog and scheddlog shows the same information described above under condor_q -debug.
any ideas please????....