Bug 675968 - condor mismatches different users on different OSes
Summary: condor mismatches different users on different OSes
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: condor
Version: 1.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: 2.0
: ---
Assignee: Timothy St. Clair
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-02-08 13:20 UTC by Martin Kudlej
Modified: 2011-03-24 12:36 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-24 12:36:52 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 608027 0 high CLOSED cannot transfer files back to submit machine 2021-02-22 00:41:40 UTC

Internal Links: 608027

Description Martin Kudlej 2011-02-08 13:20:51 UTC
Description of problem:
This bug is based on bug 608027. Condor mismatches user account which is on submit machine and user account which is on central manager. They are completely different user accounts on different operating systems.

Version-Release number of selected component (if applicable):
condor-7.4.5-0.7

How reproducible:
100%

Steps to Reproduce:
1. set up condor central manager and scheduler on linux
2. set up condor execute node on windows
3. disable authentication (claimtobe for client and default authentication variables)
4. create user with same name/login on both systems - they are different user accounts
5. submit windows job from windows to linux CM by condor_submit.exe -name <schedd> -spool
6. after job is done try to transfer files back to submit machine condor_transfer_data.exe -name <schedd name> <clusterid>
  
Actual results:
Condor mismatches different user accounts which have just the same name/login.

Expected results:
Condor will differ different user accounts which have just the same name/login. So it will allow just users who are authenticated in both operating system by one authentication authority. This can be verified by these scenarios:
1) one authentication authority for both OSes. authentication in condor is enabled. jobs are submitted ok and files are transferred back ok. Condor authenticates user on both sides by one authentication authority.
2) condor authentication is set to file system authentication on both systems and condor will denied submit/transfer files back/run job/...
3) condor authentication is off(claimtobe) and on both OSes are different user accounts. It is possible to submit jobs/transfer files back/run job/...

Comment 1 Matthew Farrellee 2011-02-08 18:00:46 UTC
Is this purely an OS difference issue, or is it a identity domain issue?

Does this appear if the UID_DOMAIN is different for the nodes?

Does this appear if two EL boxes have different passwd files?

Comment 5 Timothy St. Clair 2011-03-21 21:50:30 UTC
From the manual: 

The authentication method, CLAIMTOBE, trusts the identity claimed by a host or
IP address.

Notes:

So in scanning the files, it appears you are testing with CLAIMTOBE?  

In general, CLAIMTOBE does not attempt to validate against a single source, primarily for testing purposes.  If stronger methods are desired, which it appears that is what you are looking for above, then another authentication method should be chosen.  

This appears to be a UID_DOMAIN issue, as CLAIMTOBE will not check against any central authority.  

Could you please elaborate on what your expectations are, and how they differ from existing documentation.


Note You need to log in before you can comment on or make changes to this bug.