Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] [condor 23.x] PERMISSION DENIED after 23.10.x upgrade
- Date: Fri, 7 Mar 2025 16:30:06 +0000
- From: Jaime Frey <jfrey@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] [condor 23.x] PERMISSION DENIED after 23.10.x upgrade
Iâm surprised this upgrade caused things to break. In HTCondor 23.9.6, we changed the identity used when authenticating with a pool password or IDTokens signing key to âcondor@passwordâ. We also updated the default configuration values to match, but customized settings could break. But your starting version (23.10.2) should have behaved the same way as the upgraded version.
Adding âcondor@passwordâ to the ALLOW_ADMINISTRATOR list will solve the problem.
Alternatively, you can ensure that in SEC_DEFAULT_AUTHENTICATION_METHODS, FS appears before IDTOKENS.
- Jaime
> On Mar 7, 2025, at 9:30âAM, Francesco Di Nucci <francesco.dinucci@xxxxxxxxxx> wrote:
>
> Hello,
>
> I've upgraded HTCondor from 23.10.2 to 23.10.21 on some EL9 pool execution points/computational nodes and condor stops working, even if the configuration has not been changed.
>
> Before the upgrade these are the installed packages:
>
> condor-23.10.2-1.el9.x86_64
> condor-upgrade-checks-23.10.19-1.el9.x86_64
> python3-condor-23.10.2-1.el9.x86_64
>
> and for example it works with
>
> $ sudo condor_reconfig
> Sent "Reconfig" command to local master
>
> After upgrading and rebooting, these are the installed packages:
>
> condor-23.10.21-1.el9.x86_64
> condor-upgrade-checks-23.10.21-1.el9.x86_64
> python3-condor-23.10.21-1.el9.x86_64
>
> and condor stops working, for example:
>
> $ sudo condor_reconfig
> ERROR
> SECMAN:2010:Received "DENIED" from server for user condor@password using method IDTOKENS.
> Can't send Reconfig command to local master
>
> Relevant log entry seems to be in MasterLog:
>
> PERMISSION DENIED to condor@password from host 10.137.2.44 for command 60012 (DC_RECONFIG_FULL), access level ADMINISTRATOR: reason: ADMINISTRATOR authorization policy contains no matching ALLOW entry for this request; identifiers used for this host: 10.137.2.44,xc-wn001.na.infn.it, hostname size = 1, original ip address = 10.137.2.44
>
> Has it happened to someone else? Have there been any changes to the auth settings?
>
> Thanks in advance
>
> --
> Francesco Di Nucci
> System Administrator
> Compute & Networking Service, INFN Naples
>
> Email: francesco.dinucci@xxxxxxxxxx
>
>
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
>
> Join us in June at Throughput Computing 25: https://urldefense.com/v3/__https://osg-htc.org/htc25__;!!Mak6IKo!JCPKMH8vW2YhVxhpDJKvSTl2VbiHfuVRYpXwPASWAa9yS2DsoP6eJa5-udW8hBFFml0W9zAtqYELLCWK6Su5s3fuvxkSjk4$
> The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/