EC2132

2 minute readReference

Synopsis

On Unix or Linux, authentication is required and the user ID available to the eMake client is not allowed on one of the agent hosts involved in the build.

Description

When authentication is required, a Unix or Linux agent allows only the user and group IDs that are available to the authenticated user on its host (the machine on which the agent is running). If the eMake client specifies other user or group IDs than those available on the agent host, then the agent eliminates the unauthorized user and group IDs. If the actual user ID is not the one requested, then the agent sends this warning back to the eMake client.

Reasons

The Kerberos principal used in authentication, namely the principal passed to kinit or similar, specifies a particular user on the agent host. That principal may differ from the user who is running eMake. Alternatively, there is a mismatch between the eMake client host and the agent host regarding which user ID is assigned to that user.

Fixes

First check that the principal used in authentication (typically the argument to kinit) matches the Unix/Linux user account that is running eMake. If not, then rerun kinit (or similar) with a principal that does match the Unix/Linux user account (or switch to a different Unix/Linux user account and rerun kinit).

If the principal and user match, then log in as that user on both the eMake client host and the agent host, run id in both accounts, and compare the results. Do they match? If not, then change the user ID on one of the machines to match the other, and reconcile the groups as well in order to avoid EC2133 and EC2134. Be sure that all agent hosts match each other, too, or you will just get the same error with a different agent host.

You can also check to see if there is some type of setuid/sudo wrapper around eMake.