Re: [HTCondor-users] Is it possible to use remote condor_config_val if password authentication is required?
- Date: Mon, 20 Mar 2017 10:14:03 -0500
- From: Vladimir Brik <vladimir.brik@xxxxxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Is it possible to use remote condor_config_val if password authentication is required?
Still no luck, but I am getting slightly different error messages.
Without _CONDOR_SEC_CLIENT_AUTHENTICATION_METHODS=PASSWORD
only FS authentication is mentioned:
# condor_config_val -debug -dump -startd -name
slot1@6178@gzk-7.chtc.wisc.edu
# Configuration from startd on slot1@6178@gzk-7.chtc.wisc.edu
<128.104.102.57:43337?CCBID=128.104.5.142:9618%3faddrs%3d128.104.5.142-9618%26noUDP%26sock%3dcollector#48666754&addrs=128.104.102.57-43337&noUDP>
03/20/17 09:53:19 SECMAN: required authentication with
<128.104.102.57:42755> failed, so aborting command DC_CONFIG_VAL.
03/20/17 09:53:19 ERROR: AUTHENTICATE:1003:Failed to authenticate with
any method|AUTHENTICATE:1004:Failed to authenticate using FS
03/20/17 09:53:19 condor_write(): Socket closed when trying to write 12
bytes to <128.104.102.57:42755>, fd is 6
03/20/17 09:53:19 Buf::write(): condor_write() failed
Can't send end of message
==> StartLog <==
03/20/17 09:53:19 DC_AUTHENTICATE: required authentication of
128.104.5.142 failed: AUTHENTICATE:1003:Failed to authenticate with any
method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable
to lstat(/tmp/FS_XXX4Yr9sU)
With _CONDOR_SEC_CLIENT_AUTHENTICATION_METHODS=PASSWORD
no authentication method is mentioned:
# _CONDOR_SEC_CLIENT_AUTHENTICATION_METHODS=PASSWORD condor_config_val
-debug -dump -startd -name slot1@6178@gzk-7.chtc.wisc.edu
# Configuration from startd on slot1@6178@gzk-7.chtc.wisc.edu
<128.104.102.57:43337?CCBID=128.104.5.142:9618%3faddrs%3d128.104.5.142-9618%26noUDP%26sock%3dcollector#48666754&addrs=128.104.102.57-43337&noUDP>
03/20/17 09:54:13 SECMAN: required authentication with
<128.104.102.57:56668> failed, so aborting command DC_CONFIG_VAL.
03/20/17 09:54:13 ERROR: AUTHENTICATE:1003:Failed to authenticate with
any method
03/20/17 09:54:13 condor_write(): Socket closed when trying to write 12
bytes to <128.104.102.57:56668>, fd is 6
03/20/17 09:54:13 Buf::write(): condor_write() failed
Can't send end of message
==> StartLog <==
03/20/17 09:54:13 DC_AUTHENTICATE: required authentication of
128.104.5.142 failed: AUTHENTICATE:1003:Failed to authenticate with any
method
Vlad
On 03/16/2017 11:36 AM, Zach Miller wrote:
Is it possible to get condor_config_val to use password authentication?
(Somebody mentioned in the past that condor tools don't even attempt to
read the password file.)
It is possible.
By default, users running the tools don't have filesystem permissions to read the password file, which is why it's not in the default list of methods.
However, if you run condor_config_val as root (or as the condor user) then it can read the password file and authenticate. You also then need to tell the tool that it is allowed to attempt password authentication, which you can do temporarily by setting the environment variable:
_CONDOR_SEC_CLIENT_AUTHENTICATION_METHODS=PASSWORD
Or, you could add password to the list of client methods in your condor_config as well, but make sure you put it last since otherwise normal users running tools will attempt to use PASSWORD and it will always fail. Other methods may then be attempted, but it just increases network traffic and noise in the logs.
Cheers,
-zach
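For comparing the two failures reported in the message above, an added example (not part of the thread, and not HTCondor code): a small Python parser for the `|`-separated `SUBSYSTEM:code:message` error stack as it appears in the quoted StartLog lines, reporting which authentication methods each failed handshake names. The function names and the unwrapped sample input are assumptions made for this example.

```python
import re

# Constructed sample: the two StartLog entries quoted in the post, with the
# e-mail line wrapping undone so each log record sits on one line.
SAMPLE_LOG = (
    "03/20/17 09:53:19 DC_AUTHENTICATE: required authentication of "
    "128.104.5.142 failed: AUTHENTICATE:1003:Failed to authenticate with any "
    "method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable "
    "to lstat(/tmp/FS_XXX4Yr9sU)\n"
    "03/20/17 09:54:13 DC_AUTHENTICATE: required authentication of "
    "128.104.5.142 failed: AUTHENTICATE:1003:Failed to authenticate with any "
    "method\n"
)

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) DC_AUTHENTICATE: "
    r"required authentication of (?P<peer>\S+) failed: (?P<stack>.*)$"
)
ENTRY_RE = re.compile(r"^(?P<subsys>[A-Z0-9_]+):(?P<code>\d+):(?P<msg>.*)$")
USING_RE = re.compile(r"Failed to authenticate using (\w+)")


def parse_stack(stack):
    """Split an error stack into (subsystem, code, message) tuples."""
    entries = []
    for part in stack.split("|"):
        m = ENTRY_RE.match(part.strip())
        if m:
            entries.append((m["subsys"], int(m["code"]), m["msg"]))
    return entries


def triage(log_text):
    """Return one finding per failed DC_AUTHENTICATE record in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication failure record
        entries = parse_stack(m["stack"])
        # Methods named by "Failed to authenticate using <METHOD>" entries.
        tried = [u.group(1) for _, _, msg in entries if (u := USING_RE.search(msg))]
        # Entries from a method's own subsystem carry the concrete reason.
        detail = [f"{s}:{msg}" for s, _, msg in entries if s != "AUTHENTICATE"]
        findings.append({"ts": m["ts"], "peer": m["peer"],
                         "methods_tried": tried, "detail": detail})
    return findings
```

An empty `methods_tried` list corresponds to the second case in the message, where the stack holds only the generic 1003 entry and names no method.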