
Re: [HTCondor-users] Authentication error after upgrade to 10.0



As part of the 9.0 security changes, some of the authorization levels for commands changed. This is mostly because several things changed from ALLOW_WRITE to ALLOW_DAEMON, and some of the ALLOW_ configurations used to inherit from ALLOW_WRITE and no longer do that.

You can put back the old ALLOW_* inheritance rules by adding

LEGACY_ALLOW_SEMANTICS = TRUE

to your configuration.

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of David Cohen
Sent: Wednesday, November 23, 2022 7:44 AM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Authentication error after upgrade to 10.0

 

Hi,
Our cluster was configured to use PASSWORD authentication when it was originally installed with condor 8.8.
After the upgrade to 10.0.16 I commented out "use security:recommended_v9_0" and most of the functionality was restored. But reconfiguring the services without restarting fails both on the CE and the worker nodes. Sending a drain command from the central manager also fails.

condor-ce]# condor_ce_reconfig
ERROR
SECMAN:2010:Received "DENIED" from server for user condor@xxxxxxxxxxxxxxxxxx using method FS.
Can't send Reconfig command to local master

wn]# condor_reconfig
ERROR SECMAN:2010:Received "DENIED" from server for user unauthenticated@unmapped using no authentication method, which may imply host-based security.  Our address was 'IPADDR', and server's address was 'IPADDR'.  Check your ALLOW settings and IP protocols.
Can't send Reconfig command to local master

cm ~]# condor_drain -graceful tau-wn01.hep.tau.ac.il          
Attempt to send DRAIN_JOBS to startd <IPADDR:9618?addrs=IPADDR-9618&alias=wn01.domain&noUDP&sock=startd_5918_d590> failed
Failed to start DRAIN_JOBS command to slot1_29@xxxxxxxxxxx

How can I restore that functionality and can I do it without dropping all running jobs on the nodes?

Thanks,
David