Ticket #2103: Control GSI_AUTHZ_CONF environment variable via condor configuration

Condor should set the environment variable GSI_AUTHZ_CONF in an analogous way to how it sets GRIDMAP. Currently, it does nothing to manage this environment variable. As of 7.5.6 (#1834), this environment variable controls where the globus mapping library looks for the mapping callout configuration.

Until Condor provides control over this setting, admins will need to be careful to set this environment variable if desired before launching condor. This may be particularly important for glideins. If this variable is unset, glideins that land on a system with /etc/grid-security/gsi-authz.conf will end up calling out to whatever external mapping plugins happen to be configured on the system. If the glidein ignores the results of the globus mapping, invoking the callout is inefficient. Even worse: Burt has observed a case where the callout caused the glidein to crash (#2104).

[Append remarks]

Remarks:

2012-Aug-27 13:47:13 by zmiller:
patch added in #2104 fixes this problem.
[Append remarks]

Properties:

Type: defect           Last Change: 2012-Sep-19 16:14
Status: resolved          Created: 2011-Apr-27 14:02
Fixed Version: v070804           Broken Version: v070506 
Priority:          Subsystem:  
Assigned To: danb           Derived From: #1834
Creator: danb  Rust:  
Customer Group: cms  Visibility: public 
Notify: burt@fnal.gov,sfiligoi@fnal.gov  Due Date:  

Related Check-ins:

2012-Sep-12 12:01   Check-in [33317]: first pass documentation of new knob GSI_AUTHZ_CONF ===GT=== #2103 (By Karen Miller )
2012-Sep-04 16:46   Check-in [33270]: Allow the globus callout to be selected via a Condor parameter #2103 Committer: Zach Miller (By Brian Bockelman )
2012-Sep-04 15:40   Check-in [33261]: Revert "Allow the globus callout to be selected via a Condor parameter #2103", deferred to 7.8.4 release This reverts commit 90b9c62c7f53ea0d17d953978a16e8ea560d5d3f. (By John (TJ) Knoeller )
2012-Aug-27 15:23   Check-in [33183]: Allow the globus callout to be selected via a Condor parameter #2103 Signed-off-by: Zach Miller <zmiller@cs.wisc.edu> Committer: Zach Miller (By Brian Bockelman )