I'm surprised this upgrade caused things to break. In HTCondor 23.9.6, we changed the identity used when authenticating with a pool password or IDTokens signing key to "condor@password". We also updated the default configuration values to match, but customized settings could break. But your starting version (23.10.2) should have behaved the same way as the upgraded version.
Adding "condor@password" to the ALLOW_ADMINISTRATOR list will solve the problem.
Alternatively, you can ensure that in SEC_DEFAULT_AUTHENTICATION_METHODS, FS appears before IDTOKENS.
- Jaime
On Mar 7, 2025, at 9:30 AM, Francesco Di Nucci <francesco.dinucci@xxxxxxxxxx> wrote:
Hello,
I've upgraded HTCondor from 23.10.2 to 23.10.21 on some EL9 pool execution points/computational nodes and condor stops working, even if the configuration has not been changed.
Before the upgrade these are the installed packages:
condor-23.10.2-1.el9.x86_64
condor-upgrade-checks-23.10.19-1.el9.x86_64
python3-condor-23.10.2-1.el9.x86_64
and for example it works with
$ sudo condor_reconfig
Sent "Reconfig" command to local master
After upgrading and rebooting, these are the installed packages:
condor-23.10.21-1.el9.x86_64
condor-upgrade-checks-23.10.21-1.el9.x86_64
python3-condor-23.10.21-1.el9.x86_64
and condor stops working, for example:
$ sudo condor_reconfig
ERROR
SECMAN:2010:Received "DENIED" from server for user condor@password using method IDTOKENS.
Can't send Reconfig command to local master
Relevant log entry seems to be in MasterLog:
PERMISSION DENIED to condor@password from host 10.137.2.44 for command 60012 (DC_RECONFIG_FULL), access level ADMINISTRATOR: reason: ADMINISTRATOR authorization policy contains no matching ALLOW entry for this request; identifiers used for this host: 10.137.2.44,xc-wn001.na.infn.it, hostname size = 1, original ip address = 10.137.2.44
Has it happened to someone else? Have there been any changes to the auth settings?
Thanks in advance
--
Francesco Di Nucci
System Administrator
Compute & Networking Service, INFN Naples
Email: francesco.dinucci@xxxxxxxxxx
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
Join us in June at Throughput Computing 25: https://osg-htc.org/htc25
The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/
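
An added example, not part of the original messages and not HTCondor's own code: a small Python script that pulls the denied identity and access level out of MasterLog entries like the one quoted in the thread, and checks whether FS comes before IDTOKENS in an authentication-methods value. The function names, the timestamp prefix and every sample line other than the quoted entry are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input. Line 1 is the MasterLog entry quoted in the thread with the
# reason text shortened; lines 2-3 and their timestamp prefix are constructed.
SAMPLE_LOG = "\n".join([
    "PERMISSION DENIED to condor@password from host 10.137.2.44 for command "
    "60012 (DC_RECONFIG_FULL), access level ADMINISTRATOR: reason: "
    "ADMINISTRATOR authorization policy contains no matching ALLOW entry",
    "03/07/25 09:31:02 PERMISSION DENIED to condor@password from host "
    "10.137.2.44 for command 60012 (DC_RECONFIG_FULL), access level "
    "ADMINISTRATOR: reason: (constructed repeat)",
    "03/07/25 09:31:05 (constructed) unrelated log line",
])

DENIED_RE = re.compile(
    r"PERMISSION DENIED to (?P<identity>\S+) from host (?P<host>\S+) "
    r"for command (?P<number>\d+) \((?P<command>[^)]+)\), "
    r"access level (?P<level>\w+)"
)

def denied_requests(log_text):
    """Return one dict of fields per PERMISSION DENIED entry in the log text."""
    return [m.groupdict() for m in DENIED_RE.finditer(log_text)]

def denied_by_knob(log_text):
    """Count denials per (ALLOW_<LEVEL> knob, authenticated identity)."""
    return Counter(
        ("ALLOW_" + d["level"], d["identity"]) for d in denied_requests(log_text)
    )

def method_precedes(methods_value, first, second):
    """True if `first` is listed, and before `second` when both are listed."""
    methods = [m.upper() for m in re.split(r"[,\s]+", methods_value) if m]
    if first not in methods:
        return False
    return second not in methods or methods.index(first) < methods.index(second)

if __name__ == "__main__":
    for (knob, identity), count in denied_by_knob(SAMPLE_LOG).items():
        print(f"{count} denial(s) of {identity}; check {knob}")
    # Constructed value, not the poster's configuration.
    print(method_precedes("IDTOKENS, FS", "FS", "IDTOKENS"))
```

The per-knob count shows which identity the daemon actually authenticated and which ALLOW list it was checked against, which is the pair to compare with the local configuration after an upgrade.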