[torquedev] Re: [torqueusers] host not authorized

Sergio Gelato Sergio.Gelato at astro.su.se
Tue Apr 29 14:50:22 MDT 2008


* Brock Palen [2008-04-28 15:03:42 -0400]:
> Thanks,
> I backed up to r1987  which is back to 2.3 days.
> 
> I am now getting a new error that we never used to get.  I will dig  
> more to find what is going on but maybe someone has seen this before:
> 
> 04/28/2008 14:21:10;0080;PBS_Server;Svr;req_quejob;saving creds.   
> conn is 10, creds (nil), princ (null)

It looks like you didn't authenticate using GSS at all:
svr_conn[preq->rq_conn].principal is NULL.

> 04/28/2008 14:21:10;0080;PBS_Server;Req;req_reject;Reject reply  
> code=15018(Unknown queue MSG=cannot save creds), aux=0,  
> type=QueueJob, from brockp at gridlock.engin.umich.edu

Question: how would you like TORQUE to handle the case of
non-GSS authentication/non-forwarded credentials at your site? 
The code as it stands will always reject the job when that happens; 
if you want it to continue anyway (maybe that's acceptable in your 
environment) then someone will have to code up that behaviour.

> This is very much a GSSAPI branch problem.

Yes.

I'm attaching a completely untested patch (I hope it compiles) that
tries to address some of the problems at hand:
1) don't try to save credentials if the principal is NULL;
2) emit a more helpful error message if no forwarded credentials are
   available;
3) add a missing return statement after a call to req_reject().
As the FIXME comment indicates, there is room for further work.

> Thanks,
> 
> Brock Palen
> www.umich.edu/~brockp
> Center for Advanced Computing
> brockp at umich.edu
> (734)936-1985
> 
> 
> 
> On Apr 28, 2008, at 12:54 PM, Glen Beane wrote:
> 
> >
> >
> >On Mon, Apr 28, 2008 at 12:50 PM, Brock Palen <brockp at umich.edu>  
> >wrote:
> >Steve,
> >What Trunk was this introduced at?  I did a fresh checkout of the  
> >GSSAPI branch today, and its last merged trunk was: trunk at 2021
> >
> >
> >I think the problem was introduced with revision 2014
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gssapi-req_queuejob-1.patch
Type: text/x-diff
Size: 2101 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torquedev/attachments/20080429/974ebb4b/gssapi-req_queuejob-1.bin


More information about the torquedev mailing list