Summary
On Unix or Linux, authentication is required and the user ID available to the emake client is not allowed on one of the agent nodes involved in the build.
Description
When authentication is required, a Unix or Linux agent allows only the user and group IDs that are available to the authenticated user on its node (the machine on which the agent is running). If the emake client specifies other user or group IDs than those available on the agent node, then the agent eliminates the unauthorized user and group IDs. If the actual user ID is not the one requested, then the agent sends this warning back to the emake client.
Reasons
The Kerberos principal used in authentication, namely the principal passed to kinit
or similar, specifies a particular user on the agent node. That principal may differ from the user who is running emake
. Alternatively, there is a mismatch between the emake client node and the agent node regarding which user ID is assigned to that user.
Fixes
First check that the principal used in authentication (typically the argument to kinit
) matches the Unix/Linux user account that is running emake. If not, then rerun kinit
(or similar) with a principal that does match the Unix/Linux user account (or switch to a different Unix/Linux user account and rerun kinit
).
If the principal and user match, then log in as that user on both the emake client node and the agent node, run id
in both accounts, and compare the results. Do they match? If not, then change the user ID on one of the machines to match the other, and reconcile the groups as well in order to avoid EC2133 and EC2134. Be sure that all agent nodes match each other, too, or you will just get the same error with a different agent node.
You can also check to see if there’s some kind of setuid/sudo wrapper around emake.