Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Configure HTCondor for SciTokens

Date: Wed, 07 Jun 2023 13:54:18 -0700 (PDT)
From: Marcus Ebert <mebert@xxxxxxx>
Subject: Re: [HTCondor-users] Configure HTCondor for SciTokens


Hi Max,

Thanks! Submitting jobs works now - the missing part was the host certconfiguration. Before it was defined in GSI_DAEMON_CERT/GSI_DAEMON_KEYwhile without GSI it needs to be set asAUTH_SSL_SERVER_CERTFILE/AUTH_SSL_SERVER_KEYFILE. I missed that.

In case someone else needs to update, what I changed in the condor configso far is:

* create map file with: "SCITOKENS <issuer>,<subject> <username>
* set CERTIFICATE_MAPFILE to this mapfile
* define AUTH_SSL_SERVER_CERTFILE and AUTH_SSL_SERVER_KEYFILE
* add SCITOKENS to SEC_DEFAULT_AUTHENTICATION_METHODS

With that, experiments can submit jobs again. However, it seems it was notnecessary to escape any characters in the map file.

What is left now is to allow the worker nodes to connect to the mainserver using SSL authentication...



Cheers,
 Marcus

References:
- [HTCondor-users] Configure HTCondor for SciTokens
  - From: Marcus Ebert
- Re: [HTCondor-users] Configure HTCondor for SciTokens
  - From: Fischer, Max (SCC)

Prev by Date: Re: [HTCondor-users] Docker universe and file transfer plugins
Next by Date: Re: [HTCondor-users] Docker universe and file transfer plugins
Previous by thread: Re: [HTCondor-users] Configure HTCondor for SciTokens
Next by thread: [HTCondor-users] Docker universe and file transfer plugins
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [HTCondor-users] Configure HTCondor for SciTokens