Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] QmgmtSetEffectiveOwner

This is an issue in 23.9.X. We plan to have a fix in 23.10.X, or you can try using an older version (for example, 23.8.X).

The underlying problem is that the schedd currently assumes that if userA@xxxxxxx, userA@xxxxxxx, and UserA@xxxxxxxxxxx all submit jobs, those jobs should be run as OS account userA on the local system. Weâre starting to have the schedd distinguish between these identities, so that a userA from a remote organization either cannot submit jobs or those jobs are run under a generic account.

An immediate fix for you is to issue a new IDToken with identity usera@xxxxxxx, following your example names. Or you could change the UID_DOMAIN parameter in the scheddâs configuration to hostname.fqdn.

 - Jaime

On Aug 21, 2024, at 7:19âPM, Rita <rmorgan466@xxxxxxxxx> wrote:

No it doesn't. 

condor_config_val UID_DOMAIN

I see it doing usera@xxxxxxxxxxxxxx 

Anyway to fix that?


On Wed, Aug 21, 2024 at 4:53âPM Jaime Frey via HTCondor-users <htcondor-users@xxxxxxxxxxx> wrote:
Does the UID_DOMAIN config parameter match the hostname after the â@â in the errors quoted below?

 - Jaime

On Aug 20, 2024, at 6:06âAM, Rita <rmorgan466@xxxxxxxxx> wrote:

Is this a permission issue? 

On Mon, Aug 19, 2024 at 3:28âPM Rita <rmorgan466@xxxxxxxxx> wrote:
I am using IDOTOKENS. I submit a job remotely. The remote scheduler submits the job fine. However, the job is idle.

On the remote ScheddLog I see, 
PERMISSION GRANTED to condor@child from host <ipaddress> for command 1112(QMGMT_WRITE_CMD), access level WRITE: reason: WRITE authorization has been made automatic for condor@child
QmgmtSetEffectiveOwner real=condor@family(super) is not allowed to set effective to usera@hostname
SetEffectiveOwner security violation: attempting to set owner to dis-allow value user@hostname

Any idea how i can overcome this?


_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/


--
--- Get your facts first, then you can distort them as you please.--