
Re: [HTCondor-users] condor_ssh_to_job & (remote) DAG



Hi Brian,

> 
> Know what would help?  Could you send a DAGMan log with D_SECURITY:2?

Sure, I'll generate and send one off-list.

> In general, I strongly suggest the same "user" identifier to result regardless of what authentication method is used.  We tend to have subtle assumptions based on the identity not changing...

I don't disagree, but we have forever had:

KERBEROS /^([^@\/]*)@(.*)$/ \1@\2
FS /(.*)/ \1@fsauth


Btw, whatever the differences, it's not just DAG, since as I mention, a queue super user on the AP can't ssh to any job (on v24):

[root@babybird02 ~]# condor_q -all


-- Schedd: babybird02.cern.ch : <188.184.96.224:22845?... @ 07/16/25 14:52:28
OWNER   BATCH_NAME    SUBMITTED   DONE   RUN    IDLE  TOTAL JOB_IDS
bejones ID: 195      7/16 14:52      _      1      _      1 195.0
bejones DAG: 196     7/16 14:52      _      1      _      1 197.0

Total for query: 2 jobs; 0 completed, 0 removed, 0 idle, 2 running, 0 held, 0 suspended
Total for all users: 2 jobs; 0 completed, 0 removed, 0 idle, 2 running, 0 held, 0 suspended

[root@babybird02 ~]# condor_ssh_to_job 195.0
condor is not authorized for access to the starter for job 195.0
[root@babybird02 ~]# condor_ssh_to_job 197.0
condor is not authorized for access to the starter for job 197.0
[root@babybird02 ~]# condor_config_val QUEUE_SUPER_USERS
root, condor


cheers,
Ben
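
Added example, not part of the original message and not HTCondor code: a simplified model of map-file evaluation that applies the two rules quoted above to the same user and shows the canonical identity differing by authentication method. The realm EXAMPLE.ORG, the sample names, the UNIFIED_RULES variant and all function names are assumptions made for illustration.

```python
import re

# The two map-file rules quoted in the message above.
QUOTED_RULES = r"""
KERBEROS /^([^@\/]*)@(.*)$/ \1@\2
FS /(.*)/ \1@fsauth
"""

# Hypothetical variant (assumption): FS mapped into the same realm as Kerberos.
UNIFIED_RULES = r"""
KERBEROS /^([^@\/]*)@(.*)$/ \1@\2
FS /(.*)/ \1@EXAMPLE.ORG
"""

# METHOD  /regex/  replacement ; greedy match so "\/" inside the regex is kept.
RULE_RE = re.compile(r"^(\S+)\s+/(.*)/\s+(\S+)$")


def parse_rules(text):
    """Parse map-file lines into (method, compiled regex, template) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed rule: {line!r}")
        method, pattern, template = m.groups()
        rules.append((method.upper(), re.compile(pattern), template))
    return rules


def canonical_identity(rules, method, authenticated_name):
    """First matching rule for the method wins; None if nothing matches."""
    for rule_method, pattern, template in rules:
        if rule_method == method.upper():
            m = pattern.search(authenticated_name)
            if m:
                return m.expand(template)
    return None


def identities_by_method(rules, names):
    """Map each method to the canonical identity it yields for its name."""
    return {meth: canonical_identity(rules, meth, n) for meth, n in names.items()}


# Constructed sample: one person authenticating over two methods.
SAMPLE = {"KERBEROS": "bejones@EXAMPLE.ORG", "FS": "bejones"}
print(identities_by_method(parse_rules(QUOTED_RULES), SAMPLE))
print(identities_by_method(parse_rules(UNIFIED_RULES), SAMPLE))
```

With the quoted rules the two methods yield different identity strings for the same person; with the hypothetical unified rules they yield one.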