Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
|
So tl;dr if the debug info says "no token found" what it really means is that it didn't find a token that was matching the security domain of the
collector to which you are trying to authenticate. Right thing to do is to re-issue the token with an "iss:" field that matches the TRUST_DOMAIN
of what the collector is now, or change the TRUST_DOMAIN of the collector to match the token you have.
Steve
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Lee Damon <lvd@xxxxxx>
Sent: Wednesday, June 28, 2023 4:19 PM To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx> Subject: Re: [HTCondor-users] 10.x IDTOKEN not working (10.0 token does) Hi Steven,
nomad
1.
; condor_config_val SEC_DEFAULT_AUTHENTICATION_METHODS
Not defined: SEC_DEFAULT_AUTHENTICATION_METHODS 2.
It looks like the only file it is dropping in /etc/condor/config.d is the same 00-hcondor-9.0.config as 10.0 drops, with "use security:recommended_v9_0".
3.
I'll look at this later because...
4.
...The iss field does not match. On my existing hosts it points at the condor_host but on the new one it points at the new host. Interresting. I'm using the same script and the same (manually entered) password on all hosts. I've made sure 'condor_config_val
condor_host' returns the correct value and re-run the script but the token still has the wrong iss value.
On Wed, Jun 28, 2023 at 2:02âPM Steven C Timm via HTCondor-users <htcondor-users@xxxxxxxxxxx> wrote:
|