Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] 10.x IDTOKEN not working (10.0 token does)

Hi Steven,

Â1.Â
; condor_config_val SEC_DEFAULT_AUTHENTICATION_METHODS
Not defined: SEC_DEFAULT_AUTHENTICATION_METHODS

2.
It looks like the only file it is dropping in /etc/condor/config.d is the same 00-hcondor-9.0.config as 10.0 drops, with "use security:recommended_v9_0".

3.
I'll look at this later because...

4.
...The iss field does not match. On my existing hosts it points at the condor_host but on the new one it points at the new host. Interresting. I'm using the same script and the same (manually entered) password on all hosts. I've made sure 'condor_config_val condor_host' returns the correct value and re-run the script but the token still has the wrong iss value.

nomad

On Wed, Jun 28, 2023 at 2:02âPM Steven C Timm via HTCondor-users <htcondor-users@xxxxxxxxxxx> wrote:
3 questionsâ1âis SEC_DEFAULT_AUTHENTICATION_METHODS really undefined or just going to its default values.
2âdid 10.x install dump an extra condor_config file into your directory you weren't counting on
3âdo you have the output for D_FULLDEBUG D_SECURITY:2 from the client side


In any case the next thing to do is to dump your idtoken with condor_token_list and make sure that the "iss" fieldÂ
matches the current value of TRUST_DOMAIN on the collector. Also that the signing key matches between the two.. presumably
since you didn't specify one you were signing with the pool password of the collector, need to be sure that's the same.