Re: [HTCondor-users] Configure HTCondor for SciTokens

["Fischer, Max (SCC)" <max.fischer@xxxxxxx>]

Hi Marcus,

at its core the HTCondor-CE is itself also a regular HTCondor (primarily a Schedd) just configured in a specific way. You can mostly apply the same advice to a non-CE HTCondor.

Apply the advice on configuring CE authentication [0] to your poolâs Schedd and things should work. Specifically, you need a mapfile with `SCITOKENS <issuer>,<subject> <username>` rules, and probably need to setup the SSL certificates. Make sure to add `SCITOKENS` to the `SEC_DEFAULT_AUTHENTICATION_METHODS` to enable it (and similar, if you define those fine grained).

Cheers,

Max

[0] https://htcondor.com/htcondor-ce/v6/configuration/authentication/

On 6. Jun 2023, at 23:09, Marcus Ebert <mebert@xxxxxxx> wrote:

Hi All,

So far we used HTCondor 8.8 with GSI where jobs get submitted by an experiment remotely, mapped to a single local user for each experiment.

Now, we need to switch to HTCondor 10 doing the same with SciTokens. All we have from the experiment is the issuer URL and the IDs that would be used to submit the job.

Searching the web, I can find instructions how to configure HTCondorCE but we do not have the CE, just plain HTCondor batch system. How would I need to change the configuration to support submissions from a remote host to our HTCondor system authenticating the user via SciTokens instead of X509 proxies?


Cheers,
Marcus
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

Attachment: smime.p7s
Description: S/MIME cryptographic signature