Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] HTCondor moving from 8.4.4 to 8.6.3 - authentication issues

Windows version 8.4.4 all OK.

 

Upgrade to Windows version 8.6.3 using the same config files and get the following with “condor_store_cred add”

 

>condor_store_cred add

Account: ******@*****

 

Enter password:

 

Operation failed.

    Make sure your ALLOW_WRITE setting includes this host.

 

Set ALLOW_WRITE = * but still the same.

 

Try other config items for negotiation and authentication. See below for different combos and

with SCHEDD_DEBUG = D_ALL

 

*****************************************************************************

 

SEC_DEFAULT_NEGOTIATION = NEVER

SEC_DEFAULT_AUTHENTICATION = NEVER

 

(in both condor_config and condor_config.local)

 

07/14/17 16:31:30 (fd:5) (pid:3608) (D_DAEMONCORE) DAEMONCORE: VerifyCommand()

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) AUTHENTICATE: setting timeout for (unknown) to 20.

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) HANDSHAKE: in handshake(my_methods = 'CLAIMTOBE')

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) HANDSHAKE: handshake() - i am the server

07/14/17 16:31:30 (fd:5) (pid:3608) (D_NETWORK) Stream::get(int) incorrect pad received: 68

07/14/17 16:31:30 (fd:5) (pid:3608) (D_ALWAYS) AUTHENTICATE: handshake failed!

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) Authentication was a FAILURE.

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) DaemonCore received UNAUTHENTICATED command 479 STORE_CRED.

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) SECMAN: failure! can't resolve security policy:

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) SECMAN:   SEC_NEGOTIATION="NEVER"

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) SECMAN:   SEC_AUTHENTICATION="REQUIRED"

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) SECMAN:   SEC_ENCRYPTION="OPTIONAL"

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) SECMAN:   SEC_INTEGRITY="OPTIONAL"

07/14/17 16:31:30 (fd:5) (pid:3608) (D_ALWAYS) DC_AUTHENTICATE: Our security policy is invalid!

07/14/17 16:31:30 (fd:5) (pid:3608) (D_NETWORK) CLOSE TCP <***.**.***.***:9618> fd=820

 

Why is

07/14/17 16:31:30 (fd:5) (pid:3608) (D_SECURITY) SECMAN:   SEC_AUTHENTICATION="REQUIRED"

?

 

******************************************************************************

 

SEC_DEFAULT_NEGOTIATION = NEVER

SEC_DEFAULT_AUTHENTICATION = OPTIONAL

 

(in both condor_config and condor_config.local)

 

07/14/17 16:44:22 (fd:5) (pid:6136) (D_DAEMONCORE) DAEMONCORE: VerifyCommand()

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) AUTHENTICATE: setting timeout for (unknown) to 20.

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) HANDSHAKE: in handshake(my_methods = 'CLAIMTOBE')

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) HANDSHAKE: handshake() - i am the server

07/14/17 16:44:22 (fd:5) (pid:6136) (D_NETWORK) Stream::get(int) incorrect pad received: 68

07/14/17 16:44:22 (fd:5) (pid:6136) (D_ALWAYS) AUTHENTICATE: handshake failed!

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) Authentication was a FAILURE.

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) DaemonCore received UNAUTHENTICATED command 479 STORE_CRED.

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) SECMAN: failure! can't resolve security policy:

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) SECMAN:   SEC_NEGOTIATION="NEVER"

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) SECMAN:   SEC_AUTHENTICATION="REQUIRED"

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) SECMAN:   SEC_ENCRYPTION="OPTIONAL"

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) SECMAN:   SEC_INTEGRITY="OPTIONAL"

07/14/17 16:44:22 (fd:5) (pid:6136) (D_ALWAYS) DC_AUTHENTICATE: Our security policy is invalid!

07/14/17 16:44:22 (fd:5) (pid:6136) (D_NETWORK) CLOSE TCP <152.83.141.182:9618> fd=820

 

Why is

07/14/17 16:44:22 (fd:5) (pid:6136) (D_SECURITY) SECMAN:   SEC_AUTHENTICATION="REQUIRED"

?

 

*****************************************************************************

 

SEC_DEFAULT_NEGOTIATION = OPTIONAL

SEC_DEFAULT_AUTHENTICATION = OPTIONAL

 

(in both condor_config and condor_config.local)

 

07/14/17 16:28:24 (fd:5) (pid:5800) (D_DAEMONCORE) DAEMONCORE: VerifyCommand()

07/14/17 16:28:24 (fd:5) (pid:5800) (D_SECURITY) AUTHENTICATE: setting timeout for (unknown) to 20.

07/14/17 16:28:24 (fd:5) (pid:5800) (D_SECURITY) HANDSHAKE: in handshake(my_methods = 'CLAIMTOBE')

07/14/17 16:28:24 (fd:5) (pid:5800) (D_SECURITY) HANDSHAKE: handshake() - i am the server

07/14/17 16:28:24 (fd:5) (pid:5800) (D_NETWORK) Stream::get(int) incorrect pad received: 68

07/14/17 16:28:24 (fd:5) (pid:5800) (D_ALWAYS) AUTHENTICATE: handshake failed!

07/14/17 16:28:24 (fd:5) (pid:5800) (D_SECURITY) Authentication was a FAILURE.

07/14/17 16:28:24 (fd:5) (pid:5800) (D_SECURITY) DaemonCore received UNAUTHENTICATED command 479 STORE_CRED.

07/14/17 16:28:24 (fd:5) (pid:5800) (D_ALWAYS) DaemonCore: PERMISSION DENIED for 479 (STORE_CRED) via TCP from host <152.83.141.182:65112> (access level WRITE)

07/14/17 16:28:24 (fd:5) (pid:5800) (D_NETWORK) CLOSE TCP <***.**.***.***:9618> fd=824

 

Still get an error.

 

**********************************************************************

 

Thanks for any help/info.

 

Cheers

 

Greg