Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
|
We recently changed to htcondor 8.8.8 to run our startds. I am seeing the following error when the startd attempts to connect back to the central pool:
3/28/20 09:55:36 Condor GSI authentication
failure
GSS Major Status: Communications Error GSS Minor Status Error Chain: (null) 03/28/20 09:55:36 DC_AUTHENTICATE: required authentication of 206.76.217.23 fail ed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:F ailed to authenticate using GSI|GSI:5004:Failed to authenticate. Globus is repo rting error (589824:0) 03/28/20 09:55:37 Condor GSI authentication failure GSS Major Status: Communications Error GSS Minor Status Error Chain: (null) 03/28/20 09:55:37 DC_AUTHENTICATE: required authentication of 206.76.217.23 fail ed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:F ailed to authenticate using GSI|GSI:5004:Failed to authenticate. Globus is repo rting error (589824:0) The above is on server side.. the client side says:
03/28/20 10:39:14 (pid:288764) SECMAN: required authentication with collector cmssrv605.fnal.gov:9622 failed, so aborting command INVALIDATE_STARTD_ADS. 03/28/20 10:39:14 (pid:288764) ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using GSI|GSI:5004:Failed to authenticate. Globus is reporting error (655360:1559) 03/28/20 10:39:14 (pid:288764) Failed to send update to collector cmssrv605.fnal.gov:9622. 03/28/20 10:39:14 (pid:288764) Condor GSI authentication failure GSS Major Status: Authentication Failed GSS Minor Status Error Chain: globus_gss_assist: Error during context initialization globus_gsi_callback_module: Could not verify credential globus_gsi_callback_module: Could not verify credential globus_gsi_callback_module: Invalid CRL: The available CRL has expired But I am using the CRL's as stored in /cvmfs at
/cvmfs/oasis.opensciencegrid.org/osg-software/osg-wn-client/certificates and they appear to be fine.
Have also verified the condor config to make sure it is pointing at that directory.
It doesn't say which of the CRL's is supposedly expired There are three in the chain of the
certificate that it could be.
Also under 8.8.8 things are not failing everywhere, just at one remote glidein site
where we are picking up cvmfs in a non-standard way.
Steve Timm
|