Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[HTCondor-users] probems with condor_store_cred
- Date: Wed, 2 Jul 2025 17:51:05 +0200
- From: Stefano Belforte <stefano.belforte@xxxxxxx>
- Subject: [HTCondor-users] probems with condor_store_cred
Dear experts,
We in CMS have an odd problem with this command used for oauth2.
IIUC the -n option wants a "machine name", i.e. a FQDN.
But when we try -n crab-sched-901.cern.ch we get:
Can't find address for schedd crab-sched-901.cern.ch
[1]
which sort of makes sense to me because the schedd on that host
has a different name: crab3@xxxxxxxxxxxxxxxxxxxxxx
So assuming that condor_store_cred really wants to talk to the schedd,
we tried
-n crab3@xxxxxxxxxxxxxxxxxxxxxx but got
ERROR: SECMAN:2011:Connection closed during command authorization.
Probably due to an unknown command.
[2]
and correspondently in the SchedLog at target machine we see
Received TCP command (479) (UNREGISTERED COMMAND!) from
<[2001:1458:d00:4e::100:498]:14885>
Is it possible that somehow condor_store_cred requires that
a schedd is running on the target machine with the same name
as the host, so it can locate it ([1]) and then will send the command
to the credd daemon, not the schedd daemon which I guess it is
in its own right in not knowing what to do with a credential store
command [2] ?
Or am I simply hopelessly confused ?
As usual access to the machine(s) can be given.
Stefano
[1]
[root@vocms900 tmp]# /usr/sbin/condor_store_cred -d -u crabtw@GlobalPool
-s cms_crab -n crab-sched-901.cern.ch -i /tmp/vtkn\_mtb2081106.json
add-oauth
Account: crabtw@GlobalPool
CredType: oauth
07/02/25 17:44:30 STORE_CRED: In mode 40 'add', user is "crabtw@GlobalPool"
07/02/25 17:44:30 Can't find address for schedd crab-sched-901.cern.ch
07/02/25 17:44:30 STORE_CRED: Failed to start STORE_CRED command. Unable
to contact schedd crab-sched-901.cern.ch
Operation failed.
ÂÂÂ Make sure your ALLOW_WRITE setting includes this host.
[root@vocms900 tmp]#
[2]
[root@vocms900 tmp]# /usr/sbin/condor_store_cred -d -u crabtw@GlobalPool
-s cms_crab -n crab3@xxxxxxxxxxxxxxxxxxxxxx -i
/tmp/vtkn\_mtb2081106.json add-oauth
Account: crabtw@GlobalPool
CredType: oauth
07/02/25 17:46:47 STORE_CRED: In mode 40 'add', user is "crabtw@GlobalPool"
07/02/25 17:46:47 SECMAN: no classad from server, failing
07/02/25 17:46:47 ERROR: SECMAN:2011:Connection closed during command
authorization. Probably due to an unknown command.
07/02/25 17:46:47 STORE_CRED: Failed to start STORE_CRED command. Unable
to contact schedd crab3@xxxxxxxxxxxxxxxxxxxxxx
Operation failed.
ÂÂÂ Make sure your ALLOW_WRITE setting includes this host.
[root@vocms900 tmp]#