[torqueusers] Torque GSSAPI branch: server_establish_context failed

Adam Steenwyk ajamess at umich.edu
Wed Jun 13 11:39:33 MDT 2007


Hello,

I've been working on setting up the Torque GSSAPI branch so that our users
can submit and run jobs that rely on resources stored on an AFS server.
It was built from svn with the GSSAPI bits included (see
svn://www.clusterresources.com/torque/branches/gssapi) and, as far as I can
tell, tokens are being passed to the mom running on our test machine.
However, jobs refuse to start; they simply remain queued.

First, I get tickets for my AFS cell, then run aklog, then submit my job
from AFS.

Here's what's in the mom logs:

Accepting user creds for 115.<edited>
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
reading token flags: Success
06/13/2007 11:48:50;0080;   pbs_mom;Req;dis_request_read;decoding command GSSForwardCreds from PBS_Server
06/13/2007 11:48:50;0100;   pbs_mom;Req;;Type GSSForwardCreds request received from PBS_Server@<edited>, sock=10
06/13/2007 11:48:50;0008;   pbs_mom;Job;process_request;request type GSSForwardCreds from host <edited> received
06/13/2007 11:48:50;0008;   pbs_mom;Job;process_request;request type GSSForwardCreds from host <edited> allowed
06/13/2007 11:48:50;0008;   pbs_mom;Job;dispatch_request;dispatching request GSSForwardCreds on sd=10
06/13/2007 11:48:50;0080;   pbs_mom;Svr;req_accept_forwarded_creds;server_establish_context failed : -1
06/13/2007 11:48:50;0080;   pbs_mom;Req;req_reject;Reject reply code=15019(Invalid credential MSG=no forwarded principal!), aux=0, type=GSSForwardCreds, from PBS_Server@<edited>

Looking around in the source code, I tracked the server_establish_context
error message down to the rpp_read() function found in
gssapi/src/lib/Libifl/rpp.c:3166.  This function returns -1 when either:

if ((index < 0) || (index >= stream_num) || (len < 0))
    {
    errno = EINVAL;

    return(-1);
    }

Or if:

switch (sp->state)
    {
    case RPP_DEAD:
    case RPP_FREE:
    case RPP_CLOSE_WAIT1:
    case RPP_CLOSE_WAIT2:
    case RPP_LAST_ACK:

      errno = ENOTCONN;

      return(-1);       /* stream closed */

      /*NOTREACHED*/

      break;

    default:

      /* NO-OP */

      break;
    }
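
To make the two failure paths quoted above easier to compare, here is a
minimal sketch that models only those checks.  It is not the Torque code:
the function name, the enum, and its values are hypothetical stand-ins, and
the real rpp_read() does much more than this.

```c
#include <assert.h>
#include <errno.h>

/* Hypothetical stand-ins for the stream states named in the excerpt.
   The real constants live in Torque's rpp.c and may have other values. */
enum sketch_state {
    SK_DEAD,
    SK_FREE,
    SK_CLOSE_WAIT1,
    SK_CLOSE_WAIT2,
    SK_LAST_ACK,
    SK_CONNECTED   /* any state that falls through to "default" */
};

/* Models the two early exits quoted from rpp_read().
   Returns 0 if a read could proceed, or -1 with errno set the way
   the excerpts set it (EINVAL or ENOTCONN). */
int sketch_read_precheck(int index, int stream_num, int len,
                         enum sketch_state state)
{
    assert(stream_num >= 0);   /* precondition of this sketch only */

    /* First excerpt: bad stream index or negative length. */
    if ((index < 0) || (index >= stream_num) || (len < 0)) {
        errno = EINVAL;
        return -1;
    }

    /* Second excerpt: the stream is closed or closing. */
    switch (state) {
    case SK_DEAD:
    case SK_FREE:
    case SK_CLOSE_WAIT1:
    case SK_CLOSE_WAIT2:
    case SK_LAST_ACK:
        errno = ENOTCONN;
        return -1;
    default:
        return 0;
    }
}
```

Both paths set errno before returning -1, so whichever one fired should be
visible in errno immediately afterwards, provided nothing else touches errno
in between.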

rpp_read() returns to pbsgss_recv_token(s, flags, tok), found in
gssapi/src/lib/Libgss/pbsgss.c:228, which then returns -1 itself because
rpp_read() returned -1:

/* read_all is simply a fn ptr (dis_gets) to rpp_read():
   dis_gets = (int (*)(int, char *, size_t))rpp_read; */
ret = read_all(s, (char *) &char_flags, 1);
if (ret < 0) {
    perror("reading token flags");   /* from output */
    return -1;
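
One detail worth checking here: perror() appends the message for the current
errno, and the mom output reads "reading token flags: Success".  On glibc,
"Success" is the text for errno 0, which is neither EINVAL nor ENOTCONN.  The
sketch below only shows how that text is built; the helper name is
hypothetical, and it assumes nothing reset errno between the failing read and
the perror() call.  It is an observation, not a diagnosis.

```c
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: builds the same "prefix: message" text that
   perror(prefix) would print if errno held the value err. */
void sketch_perror_text(const char *prefix, int err, char *buf, size_t size)
{
    assert(buf != NULL && size > 0);

    /* strerror() maps an errno value to its message; the exact wording
       is platform dependent (glibc uses "Success" for 0). */
    snprintf(buf, size, "%s: %s", prefix, strerror(err));
}
```

Calling sketch_perror_text("reading token flags", EINVAL, ...) or the same
with ENOTCONN gives text that differs from the errno 0 case, so the log line
can help tell the cases apart.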

That in turn returns to req_accept_forwarded_creds in
gssapi/src/resmom/requests.c:3784:

  if ((i = pbsgss_server_establish_context(socket, server_creds,
                                           &client_creds, &context,
                                           &client_name, &ret_flags)) < 0) {
    sprintf(log_buffer,"server_establish_context failed : %d",i);
    log_event(PBSEVENT_DEBUG, PBS_EVENTCLASS_SERVER,
              "req_accept_forwarded_creds",log_buffer);

This is where the error message comes from in the mom logs.  Does anyone
have an idea as to what it means?

Thanks,

Adam - CAC, University of Michigan