Project

General

Profile

Feature #7101

Support kcron credentials

Added by Parag Mhashilkar about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
10/02/2014
Due date:
% Done:

100%

Estimated time:
Stakeholders:
Duration:

Description

Hi Parag/Dennis,

Do you know why a kcron principal doesn't work with jobsub_client? I can voms-proxy-init with it:

-bash-3.2$ voms-proxy-init -noregen -rfc -ignorewarn -valid 168:0 -bits 1024 -voms fermilab:/fermilab/nova/Role=Analysis
Your identity: /DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=novagpvm01.fnal.gov/CN=cron/CN=Joe B. Boyd/CN=UID:boyd
Contacting voms2.fnal.gov:15001 [/DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=voms2.fnal.gov] "fermilab" Done
Creating proxy ............................................ Done

But in the jobsub server log I get:

[25/Sep/2014:15:40:41] [auth.py:check_auth_wrapper]
[25/Sep/2014:15:40:41] [auth.py:check_auth_wrapper] DN: /DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=novagpvm01.fnal.gov/CN=cron/CN=Joe B. Boyd/CN=UID:boyd, acctgroup: nova
[25/Sep/2014:15:40:41] [auth.py:create_voms_proxy] create_voms_proxy: Authenticating DN: /DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=novagpvm01.fnal.gov/CN=cron/CN=Joe B. Boyd/CN=UID:boyd
[25/Sep/2014:15:40:41] [auth.py:check_auth_wrapper] User authorization has failed:Error authenticating DN='/DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=novagpvm01.fnal.gov/CN=cron/CN=Joe B. Boyd/CN=UID:boyd' for AcctGroup=''
[25/Sep/2014:15:40:41] [format.py:format_response_wrapper] Request content_type: application/json
[25/Sep/2014:15:40:41] [format.py:_format_response] application/json {'err': "User authorization has failed:Error authenticating DN='/DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=novagpvm01.fnal.gov/CN=cron/CN=Joe B. Boyd/CN=UID:boyd' for AcctGroup=''"}

Note the second line above has "acctgroup: nova" but then by the last line it says AcctGroup=''. I guess it's just a parsing issue.

I was hoping this would work but I'd rather have digicerts work don't spend time on this I guess. Just curious if it made sense.

Thanks,

joe

Steve Timm was able to get this work using his kcron credential so maybe there is something else going on other than mapping that we need to figure out.

<novagpvm01> grid-proxy-info
subject  : /DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=rsv1.fnal.gov/CN=cron/CN=Steven C. Timm/CN=UID:timm
issuer   : /DC=gov/DC=fnal/O=Fermilab/OU=Certificate Authorities/CN=Kerberized CA HSM
identity : /DC=gov/DC=fnal/O=Fermilab/OU=Robots/CN=rsv1.fnal.gov/CN=cron/CN=Steven C. Timm/CN=UID:timm
type     : end entity credential
strength : 1024 bits
path     : /tmp/x509up_u2904
timeleft : 59:55:51  (2.5 days)

History

#1 Updated by Parag Mhashilkar about 6 years ago

  • Assignee set to Dennis Box
  • Target version set to v1.0.2

#2 Updated by Dennis Box about 6 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

see branch 7101

#3 Updated by Parag Mhashilkar about 6 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF